ENTERPRISE RISK SERVICESManaging Risk, Driving Results

Recent corporate scandals have forever changed the corporate governance landscape. At MNP, our Enterprise Risk Services team assists organizations in achieving best practices in corporate governance — and managing enterprise risks more effectively.

MNP offers a full suite of corporate governance, risk management, regulatory compliance and operational effectiveness services. Whatever your specific needs, MNP will work with you to implement a tailored, cost-effective risk solution.

Access the experience of more than 3,000 MNP team members across Canada – and valuable resources in more than 80 countries.

Risk ManagementSolutions

• Governance Effectiveness

• Risk Oversight

• ERM Framework &

Program Implementation

• ERM Maturity Assessm

ent

• Risk Assessment

& Mitigation

• Organizational Structure & Governance

• Business Process &

Control Improvement

• People & Technology

Effectiveness• Lean Six Sigma

• Business Continuity

Planning

• Crisis Management &

Communications

• IT Disaster Recovery

• Emergency Preparedness & Response

• Scenario & Simulation Testing

• Critical Infrastru

cture Protection

• Supply Chain Risk

• Anti-Fraud Program

• Whistleblower Hotline

• Forensic Investigation

• Enterprise Security Management

• Threat Vulnerability Risk Assessment

• IT Strategy & Governance

• Information Security

& Privacy

• Technology Controls Assurance

• IT Project Risk Management

• Third Party Reporting

• Data Analytics

Technology Risk

Business Resilience

Governance & Risk Management Operational Effectiveness Internal Audit &

Controls

F

oren

sics

& E

nter

pris

e Se

curit

y

2

Our Enterprise Risk Services team possesses unrivalled expertise and thought leadership in risk management.

MNP’s enterprise risk professionals have extensive experience assisting organizations of all sizes and operating in major industries. This expertise ranges

from implementing tailored Enterprise Risk Management solutions to leading the global Sarbanes-Oxley 404

compliance efforts for some of the largest organizations in the world. At MNP, we differentiate ourselves from our competitors

by committing more senior personnel to help you achieve your goals. As we firmly believe that an integrated Partner approach is

the key to add true enterprise value, our thought leaders work closely with you throughout each step of your engagement.

MNP is an independent member of Praxity, AISBL, which is a global alliance of independent accounting firms. Praxity strives to be the most advanced alliance

of strong, like-minded, independent and committed accounting firms that deliver unmatched client service and quality solutions globally. With a network of more than 100

offices in 80 countries across the globe, MNP is able to draw upon the expertise and international experience of member firms to deliver value-added solutions to their clients.

How MNP Can Add Value

• Governance Effectiveness

• Risk Oversight

• ERM Framework &

Program Implementation

• ERM Maturity Assessm

ent

• Risk Assessment

& Mitigation

• Organizational Structure & Governance

• Business Process &

Control Improvement

• People & Technology

Effectiveness• Lean Six Sigma

• Business Continuity

Planning

• Crisis Management &

Communications

• IT Disaster Recovery

• Emergency Preparedness & Response

• Scenario & Simulation Testing

• Critical Infrastru

cture Protection

• Supply Chain Risk

• Establishment of an

Internal Audit Function

• Internal Auditing

• CEO / CFO Certification

• Compliance Auditing

• Value for Money Auditing

• Quality Assurance Reviews

• IT Strategy & Governance

• Information Security

& Privacy

• Technology Controls Assurance

• IT Project Risk Management

• Third Party Reporting

• Data Analytics

Technology Risk

Business Resilience

Governance & Risk Management Operational Effectiveness Internal Audit &

Controls

F

oren

sics

& E

nter

pris

e Se

curit

y

3

In today’s highly competitive, global and complex business environment, it’s more important than ever for organizations to adopt prudent corporate governance practices and an enterprise-wide approach to risk management. MNP helps you develop these interdependent but distinct areas with a comprehensive, pragmatic approach based on sound governance and risk management principles that apply to organizations of all sizes and industries.

How MNP Adds ValueBy understanding the different objectives and sophistication levels of the organizations we serve, MNP customizes our proven governance and risk management solutions to help you achieve your vision, mission, and entity goals and objectives.

Our governance and risk management professionals have provided solutions on an international scale to a wide range of industries and organizations of varying sizes and complexity. We will leverage our deep expertise and experience to assist you in designing and implementing an effective governance and risk management framework and practices that are tailored to your organization’s needs and aligned with your culture.

Corporate GovernanceThe financial crisis exposed widespread flaws in corporate governance practices. Since then, boards and executives have been under intense scrutiny, with stakeholders demanding greater vigilance, transparency and accountability, and authorities introducing more rigorous governance standards and regulations. Sound corporate governance is paramount to your organization’s long-term success and resilience.

Our thought leaders have extensive experience providing governance solutions that are aligned with leading “good governance” principles and practices and evolving corporate governance regulatory requirements. We focus on establishing effective governance principles, policies, guidelines and processes to optimize value to the organization and its stakeholders. We can help you design and implement a tailored governance model right-sized for your organization that also complies with regulatory requirements and meets stakeholder expectations.

Governance & Risk Management

Sound corporate governance is

paramount to your organization’s

long-term success and resilience.

4

Achieve an optimal risk and reward balance

to maximize your enterprise value.

Our governance professionals deliver comprehensive solutions, including:

• Evaluating the effectiveness of current governance frameworks and practices

• Developing and implementing tailored corporate governance models

• Designing governance structures, committees and charters

• Providing board and committee education, training and coaching on all aspects of effective stewardship and oversight responsibilities

• Developing organization-wide policies and procedures

• Facilitating strategic and operational planning workshops

• Creating customized reporting and communication processes

• Evaluating board and committee effectiveness

• Providing special board assistance such as developing a skills matrix and resolving conflict at the board table

Risk ManagementEnterprise Risk Management (ERM) presents a fundamental shift in the way organizations identify, evaluate, prioritize, manage and monitor risks – moving away from silos to a holistic, integrated approach. In implementing formal risk management frameworks, we help organizations proactively manage threats that could derail the achievement of entity objectives while maximizing opportunities.

Our ERM specialists have a proven track record for providing practical risk management solutions that are comprehensive and results-based, aimed at helping organizations make better decisions, reduce uncertainty, minimize costs and improve performance. We understand that every organization is unique and therefore our focus is to customize risk management solutions to help you achieve your strategic, operational and financial goals and objectives.

Our professionally certified risk professionals bring diverse expertise and in-depth knowledge in all aspects of leading ERM principles and practices, allowing us to offer a broad range of services, including:

• Performing a maturity assessment of your existing ERM program

• Developing and implementing an ERM framework and program that are integrated with existing processes and aligned with your unique culture

• Developing a risk appetite that defines the amount of risk that your organization is prepared to accept in pursuit of entity objectives

• Working with you to identify, evaluate and prioritize your enterprise-wide, operational or project-related risks and delivering effective treatment plans to reduce threats to an acceptable level

• Providing board and management training on the fundamentals of ERM

• Establishing a monitoring process for new and emerging risks

• Developing ERM communication and reporting processes

Our ultimate goal is to help your organization achieve an optimal risk and reward balance to maximize your enterprise value.

5

Internal Audit & ControlsNow more than ever, organizations must “do more with less” while continuing to effectively manage risks that may prevent them from reaching their goals and objectives. Business leaders across all industries and sectors are facing growing pressure to increase revenue, reduce costs, improve customer satisfaction, pursue new markets, increase shareholder value and comply with new regulations in an increasingly competitive environment.

How do you plan on staying ahead of your competition? Organizations often respond by simply focusing on deep cost reductions to increase profitability. At MNP, we believe organizations must drive operational effectiveness to achieve sustained productivity gains and promote innovation to create a competitive advantage. But many organizations that undertake such initiatives to optimize performance typically fall short of expectations, mainly because processes are often improved on an ad-hoc basis or the improvement project is isolated to a certain area of the organization.

MNP helps public and private organizations in a diverse range of industries optimize operational performance, fully leverage resources and manage risks - ultimately to develop a strategic and competitive advantage. We believe that operational effectiveness must be achieved in a sustained, strategic manner. As a result, our methodology helps you to instill a culture of continuous improvement in the day-to-day fabric of your business and to implement an organization-wide approach to operational excellence whereby performance improvement initiatives are prioritized based on your strategic objectives.

Our systematic methodology begins with strategically aligning your business processes by designing the appropriate operational structure and optimal set of business processes - with the right governance and controls - required to achieve your organizational objectives. We then focus on improving the efficiency and effectiveness of your business processes by driving opportunities to automate, strengthen, streamline, standardize and centralize existing processes as well as to develop new processes where necessary. It is critical that we do not sacrifice proper internal controls for efficiency. As such, as part of our process improvement solution, we will design and implement an optimal system of internal controls to address the priority risks that could derail the achievement of your goals and objectives.

We focus on improving the efficiency and

effectiveness of your business

processes by driving

opportunities to automate,

strengthen, streamline,

standardize and centralize existing

processes.

Operational Effectiveness

6

Our operational effectiveness experts have deep experience applying various process improvement methodologies and will employ the most appropriate methodology for the nature, size and complexity of your organization and the specific issue at hand. For example, Lean Six Sigma is one methodology we may leverage. It is a powerful tool to reduce waste, lead time, defects and errors. Our Master Black Belts can help your organization translate process improvement initiatives into concrete financial results.

Operational excellence can only be achieved if processes are supported with the right people and technology. We work with you to define and develop programs to improve people effectiveness – activities that lead, motivate, develop and support your human capital. We’ll also evaluate your current and planned technologies, infrastructure and support systems to ensure your organization has the appropriate technological capabilities to support your operational processes and help determine if current systems are being used to their capacity.

Lean Six Sigma is a powerful tool

to reduce waste, lead time, defects

and errors.

7

Internal Audit & ControlsHeightened focus on governance and the need for transparency with stakeholders has highlighted the growing importance of establishing and maintaining an effective system of internal controls to adequately safeguard assets, improve reliability of financial reporting and assess compliance with applicable laws and regulations. This includes having a mechanism in place that provides independent assurance that your internal control systems are mitigating risk and highlights opportunities to improve operations and optimize performance through an effective internal audit function.

Our risk professionals will work with you to develop an appropriate system of internal controls to address your top business risks. We can create a tailored, cost-effective internal audit solution to help you achieve effective corporate governance and provide senior management with timely and reliable business intelligence.

Internal AuditWe can assist your organization by establishing an internal audit function or extending the scope of your existing assurance program to both significantly contribute to shareholder value and assist management in fulfilling their operational responsibilities. Having an effective internal audit function is essential for managing risks and strengthening your ability to conduct business through a controlled environment. By applying our proven, risk-based internal audit methodology, we can provide your organization with a cost-effective, value-added internal audit solution.

Our team can facilitate the development or execution of your internal audit plan through a range of sourcing options that enable you to expand scope and improve operations. Outsourcing part or all of this responsibility enables you to look after the overall strategy and operational priorities of your organization, while we handle the day-to-day function of internal audit. Strategic co-sourcing is a cost-effective solution to ensure you have the right resources. We can provide a resourcing solution if your internal audit department is challenged with issues related to operational priorities, specialized expertise, geography or capacity. Our specialists will partner with your existing internal audit team to provide assistance when and where it is needed most.

We can also help ensure the effectiveness of your internal audit function by conducting a quality assessment review to benchmark your audit function against leading professional practices and industry standards.

CEO/CFO CertificationComplying with CEO / CFO certification requirements such as Sarbanes-Oxley 404 or National Instrument 52-109 can be a complex process. Companies must adopt a practical, streamlined approach to avoid the excessive costs of a ‘one-size-fits-all’ strategy. We employ a top-down, risk-based approach designed specifically to help organizations achieve sustained compliance in a cost-effective manner. Our methodology is firmly based on ‘doing it right the first time’ and eliminates the need to rationalize or optimize key controls in future years. We will also leverage the benefits of the compliance process to create enterprise value by identifying operational improvement opportunities and benchmarking against leading industry practices.

Strategic co-sourcing is a

cost-effective solution to ensure

you have the right resources.

8

While some organizations may choose a ‘do-it-yourself’ approach, working with a qualified, independent party offers a number of significant benefits. Our team has extensive CEO / CFO certification experience, and our third-party, independent reviews provide additional credibility to support management certifications when subject to external scrutiny. Engaging an independent team also enables internal staff to focus on other value-added priorities, while reducing the need for additional hiring costs during times of higher resource demands to meet certification requirements.

Compliance Regardless of the sector, every organization is subject to some form of compliance requirement, whether it is regulatory, contractual, statutory or public sector mandates. We have a dedicated team that can help you understand your universe of compliance requirements, establish formal policies and procedures, implement a system of internal controls to address your priority risks and develop a program to evaluate and monitor compliance. Our team has deep experience in performing compliance audits both in the private and public sectors. Through our proven methodology, we deliver reliable audit programs and reports to satisfy any of your compliance requirements.

Our methodology is firmly based

on doing it right the first time and

eliminates the need to rationalize or

optimize key controls in future years.

9

Business Resilience

Our world has changed. We live and work amid new and emerging threats — fiscal crises, extreme weather and environmental change, terrorism, fraud, workplace violence, pandemics and a host of natural and man-made threats that have wreaked havoc on our business and operating environments. To further complicate matters, globalization and fierce competition have created even greater risks and being prepared is critical to your organization’s future success.

A disruption or crisis can have long-term effects on the financial, operational and overall health of your organization. Industry studies report that two out of five companies that experience a crisis do not survive. Many organizations do not have adequate programs in place to ensure continuity of operations that will protect the enterprise in the event of a crisis and satisfy the expectations of board members and key stakeholders. Today, organizations must be able to do more than just recover business processes and technology after a disruption.

Organizations are expected to identify and mitigate:

• Major disruptions of key operations

• Loss of key vendors/partners

• Loss of key people

• Breaches to buildings, critical infrastructure, information and technology

• Threats and potential damage to revenue, customer service, reputation and brand

Developing effective strategies to proactively identify and manage these threats are your best defense in an ever-changing world. Individual plans and programs are critical, but true resilience is achieved by integrating effective programs and linking them to your organization’s overall risk based strategic planning process. MNP can help you develop plans and programs that integrate and mutually support one another to achieve the synergies for effective resilience.

MNP’s Integrated Methodology

Two out of five companies that

experience a crisis do not survive.

10

MNP’s business resilience solutions are customized to your needs and designed to ensure continuity of operations — helping you maintain a competitive advantage.

Risk & Vulnerability AssessmentsEnhance your organization’s ability to effectively conduct operations by understanding your threats, vulnerabilities and risks. MNP helps you identify and evaluate countermeasures for risks and other issues that could affect your organization.

Emergency Response PlanningDevelop clear, concise corporate directives to protect and safeguard customers and employees before decision makers are informed. MNP will work with you to develop a comprehensive plan that includes floor warden programs, evacuation plans, disability evacuation, notification protocols and assembly points.

Business Impact Analysis & Strategy DevelopmentDetermine which business processes are critical to the ongoing viability of your business. We also measure the impact of loss to determine which resources are required to achieve continuity.

Crisis & Communication PlanningDetermine the internal and external communications for your organization and a clear chain of command with a comprehensive crisis management plan. Protect your brand and effectively communicate to the media and your customers, before, during and after a crisis in order to maintain consumer confidence, market share and continuity of operations.

Supply Chain RiskDevelop a comprehensive supply chain strategy to identify critical risks and build contingency plans into each of your supply chain management processes.

IT Disaster Recovery PlanningDevelop a comprehensive plan through a series of facilitated workshops and assessments to effectively recover your IT systems and infrastructure.

Business Recovery PlanningDevelop instructive recovery plans for critical processes through the use of existing documentation and information sources. We will work with your employees to create a tailored action plan that best serves your needs.

Testing & Maintenance ProgramsEnsure your programs will work when you need them to. Through comprehensive testing, we document gaps and errors and deliver solutions to maximize the “real world” effectiveness of your contingency plans.

With help from MNP, you will gain the confidence of knowing your organization is better prepared to anticipate, mitigate and respond to a wide range of threats — transforming a potential crisis into a competitive advantage.

Anticipate, mitigate and

respond to a wide range of threats - transforming a potential crisis

into a competitive advantage.

11

Technology Risk

The protection of your information and communication technology assets is more critical than ever. From operational performance improvements to process efficiencies, today’s technologies not only support global operations but are critical to enable key business opportunities and drive growth. You need to manage the risks of emerging technology today, while planning for tomorrow.

At MNP, we understand the value technology can bring to your organization as well as the risks that it can present to your environment. Our specialists have successfully assisted organizations identify key risks, prioritize efforts, and align the appropriate governance and controls to cost-effectively mitigate the risks of system interruption and failure. Our Technology Risk Services team delivers real business value by identifying and addressing complex enterprise issues and improving business performance.

IT Strategy and GovernanceEffective IT governance is essential to support the delivery of your strategic objectives and optimize the value of technology investment. Our experienced teams can help your organization align IT business operations and strategic objectives, evaluate IT risks and system performance, and strengthen IT security management programs and controls. Our pragmatic and tailored methodology and tools provide a strong and efficient approach toward the implementation and maintenance of IT strategy and governance that provide value for the organization.

Information Security and PrivacyOur security and privacy professionals assist organizations to identify and mitigate the critical security threats and risks pertaining to your environment. Our Technology Risk Services team can assist you to safeguard information assets and manage the risk of unauthorized disclosure, modification or loss of critical information, including the challenges with emerging technologies such as cloud computing, social media and mobile devices. Our methodology begins with evaluating your risk profile and implementing an effective and practical security strategy to achieve your strategic, compliance and risk management objectives. Our tailored solutions address various security needs including:

• Information security program assessment

• Security audits

• Compliance with PCI DSS, Privacy, FOIP

• ISO 27001/2:2005 programs

• Threat and risk assessment (TRA)

• Security and privacy risk assessment

• Vulnerability scanning and penetration testing

• Network and system component configuration review

• Implementation of security controls

Our security and privacy

professionals assist organizations

to identify and mitigate the

critical security threats and risks

pertaining to your environment.

12

Implement an industry accepted IT risk and control

framework for your specific

environment that is aligned to your

IT risk appetite and tolerance.

Technology Controls AssuranceA robust IT control environment is critical to ensure the reliability and integrity of information processing. From strategic needs to compliance and processing requirements, organizations have varied exposure to IT system dependencies, data breaches, information security threats, system changes and business interruption.

Our experienced team can assist you to implement an industry accepted IT risk and control framework for your specific environment that is aligned to your IT risk appetite and tolerance. Our proven controls assurance methodology provides an independent and objective assessment of your IT risks and control effectiveness, as well as highlights enhancement opportunities to strengthen your control environment.

IT Project Risk ManagementLarge IT projects are notoriously complex transformations that each have their own unique challenges and factors that must be managed over the project life cycle to achieve success. But reaching the goals of being on time, on budget and on scope can be overwhelming and difficult to accomplish, resulting in additional costs, frustrations and compromised performance.

MNP has a successful track record in delivering Project Risk Advisor services for complex implementation projects. Throughout the project’s life cycle, we provide independent, timely, transparent and easy-to-understand updates for stakeholders in three key areas:

• Business Readiness and Benefits Realization

• Project Management Effectiveness and Controls

• Internal Controls

Third-Party ReportingWith affordable and improved delivery of outsourced IT services, there is increased expectation for third-party service providers to provide independent assurance on the effective operation of their IT controls in accordance with industry standards. MNP technology risk professionals can provide third-party assurance services in accordance with US standard SSAE 16 and Canada standard CSAE 3416.

13

Fraud and security issues are becoming more common and more complex. As the rate of fraud and security incidents continue to escalate, it is important organizations respond aggressively to these challenges. Working closely with you, our Forensic and Enterprise Security professionals deliver innovative strategies that help you proactively identify, assess and respond to these threats.

ForensicsFraud can strike your organization at any time. Regardless of the known direct financial impact, anything less than a full and proper response will have a significant impact on your most important asset: your reputation. In a crisis, you must respond quickly and send a clear message that unethical conduct will not be tolerated. MNP’s forensics team will help you meet those needs.

• Investigation In a recent economic crime survey, 55 per cent of Canadian businesses reported being victims of economic crime. North American estimates put corporate losses due to fraud at six per cent of revenues. Our forensics specialists have investigated complex financial crimes on a national and international scale in diverse industries.

Using proven investigative and forensic accounting techniques in tandem with computer forensics and data mining tools, we will develop and deliver an independent, professional response to any issue, enabling you to focus on your core business. The MNP team will qualify and quantify the impact of ethical breaches, and help you manage the administrative, regulatory or judicial process. We will also develop a remediation plan to minimize your losses and manage the risk of reoccurrence.

• Prevention Our risk professionals can show you the hidden exposures you didn’t know existed to prevent losses and reputational damage. MNP’s fraud risk assessment is designed to pinpoint gaps in your internal controls. Once the risks are identified, we will work with you to manage them in a way that is consistent with your corporate culture. Through our comprehensive fraud awareness training sessions, your staff will be able to recognize suspicious or fraudulent activity and come forward to report these activities to prevent losses or further damage.

• Detection Early fraud detection is a key step to cutting fraud losses, generating a return on your investment. MNP will provide proactive fraud audits of high-risk areas. By combining our team’s expertise with your team’s in-depth knowledge of your organization, we will customize our approach by focusing on key accounts and transactions, and apply a broad range of investigative and forensic accounting techniques. This enables us to analyze large volumes of data for suspicious activity using computer-assisted audit techniques and special purpose software that quietly monitors the potential exposures that keep you awake at night.

Forensics & Enterprise Security

In a crisis, you must respond

quickly and send a clear message

that unethical conduct will not

be tolerated.

14

We “harden” your environment,

thereby limiting exposure and

reducing risks — a key business

continuity step in the protection of your employees,

customers, assets and proprietary

information.

• Whistleblower Hotline Program According to the Association of Certified Fraud Examiners, the most common way to detect fraud is through a tip from an employee and others associated with your organization. Research indicates that establishing a whistleblower hotline can reduce fraud losses by 50 per cent.

Active 24 hours a day, 365 days a year, MNP’s Whistleblower Hotline is bilingual and completely confidential. Callers’ identities are protected and any information gathered is presented to your organization’s audit committee or compliance office. In addition, we will provide you with a comprehensive threat assessment and response plan.

Enterprise SecurityIn today’s complex and competitive business environment, protecting your people, assets and reputation is more challenging than ever. Success depends on being proactive and focusing on identifying, assessing and responding to threats.

Our experienced professionals follow comprehensive methodologies that link your security requirements to your overall risk management program and business needs to facilitate: safety of employees and customers, security of your logical and physical assets, mitigation of business risk, protection of your brand and reputation and overall enterprise resiliency and business sustainability.

MNP’s cost-effective enterprise security solutions are customized to meet your needs and enhance consumer confidence, customer/employee safety and continuity of operations — enabling your organization to achieve their operational and strategic objectives.

• Threat Vulnerability & Risk Assessments Enhance your organization’s ability to effectively conduct operations by understanding your threats, vulnerabilities and risks. MNP can help you identify and assess the risks and exposures that could affect your organization as well as provide recommendations and countermeasures.

• Security Strategy & Planning Assess, design and implement efficient and effective control processes and security solutions. Our experienced security specialists use proven methodologies to engineer security solutions that protect your infrastructure, people, customers, assets and systems by integrating resiliency into your critical business functions.

• Security Crisis & Incident Response Services Plan for events such as logical or physical security incidents, key employee termination or man-made disasters so you can respond to an unexpected crisis. Our experienced teams are prepared to help you manage the response process which includes stabilization, preparation, investigation and business recovery support services. MNP will help with everything from coordinating your staff to assisting in the implementation of crisis management and crisis communication protocols.

• Counterterrorism We work closely with your existing security staff to reduce your risk of attack, kidnapping or harassment by implementing effective yet unobtrusive methods to enhance the safety and security of your people and assets, anywhere in the world.

• Operations Security Develop and implement an overall corporate resource protection program based on proven processes. We work with your staff to create a tailored solution that results in reduced risk to your employees, proprietary information and physical assets.

• Critical Infrastructure Protection Protect your assets with our experience in the secure design, construction and management of robust and sustainable critical infrastructure facilities. Through multiple security layers, we “harden” your environment, thereby limiting exposure and reducing risks — a key business continuity step in the protection of your employees, customers, assets and proprietary information.

15

Gordon Chan, CA, CFE, CRMA, is the national leader of the firm’s Enterprise Risk Services practice. He has more than 20 years of experience assisting complex organizations with their governance, risk management and internal audit needs. Gordon has deep industry experience in financial services, energy and the public sector.

Gordon’s noteworthy accomplishments include serving as a global Sarbanes-Oxley implementation leader for one of the largest companies in the world. In addition, he has led internal audit and fraud risk functions for various international companies and has served in senior finance leadership roles. Leveraging his global experience working with renowned organizations, Gordon has a proven track record for applying a pragmatic approach to effectively manage priority risks and achieve business process and control improvements.

Gordon is a Chartered Accountant and a Certified Fraud Examiner. He also holds a Certification in Risk Management Assurance, GE Certification in Six Sigma and a Bachelor of Business Administration degree.

Scott Crowley, MBA, FRM, CPP, CBCP, has been instrumental in improving profitability, managing risk, ensuring operational resilience and accelerating the growth, for a diverse range of businesses for approximately 20 years. Scott defines and orchestrates effective and customized risk management, internal audit, business continuity, physical security and performance improvement solutions. Prior to joining MNP, Scott was a national risk leader with a Big Four chartered accountancy firm.

As both the leader and a member of executive teams, Scott has developed an effective and proven ability to analyze the business environment, understand competitive threats and assess the internal capabilities of organizations to better manage risk, improve performance and drive down costs. Scott has developed and implemented practical solutions for clients to ensure continuity of operations, customer satisfaction, competitive advantage, as well as the achievement of organizational objectives.

Scott holds a Master of Business Administration and a Bachelor of Science (Honours) degree in Mathematics and Physics. He also is a Fellow in Risk Management, a Certified Business Continuity Professional, a Certified Six Sigma Performance Improvement Black Belt, a Certified Protection Professional and a Certified Management Consulting.

Mariesa Carbone, CA, ABCP, CRMA has more than 15 years of experience providing enterprise risk management, corporate governance, business process improvement and internal audit solutions for public and private enterprises. Prior to joining MNP, Mariesa was a senior practice leader with a Big Four chartered accountancy firm.

Mariesa’s disciplined approach to any project combined with a focus on providing practical advice allows her to provide exceptional client service every time. Sought after for her expertise in enterprise risk services, Mariesa works with clients across a wide range of industries, including: public sector, gaming, forestry, post-secondary education and the energy sector.

In addition to her Bachelor of Commerce degree, Mariesa is a Chartered Accountant, an Associate Business Continuity Professional and has her Certification in Risk Management Assurance.

The MNP Enterprise Risk Services Leadership Team

Gordon Chan, CA, CFE, CRMA

National Enterprise Risk Services Leader

Scott Crowley, MBA, FRM, CPP, CBCP

Enterprise Risk Services Leader, Eastern Canada

Mariesa Carbone, CA, ABCP, CRMA

Enterprise Risk ServicesRegional Leader, Alberta

16

Peter Guo, MBA, CA, CISA, CA•IT/CISA, CRISC, ABCP, has delivered customized risk management, consulting and assurance services for 20 years. He is adept at resolving complex matters relating to governance, enterprise risk management, people and organizational design, information systems and processes, as well as regulatory compliance, internal audit, IT audit, internal controls, IT threat and risk assessments and third-party control reports (CSAE 3416, SAS 70/Section 5970).

With expertise in transformational projects, Peter provides clarity and practical solutions for executives and Boards faced with complex IT implementations, business process improvement initiatives, cost reductions, mergers and acquisitions.

A Chartered Accountant designated in IT and IT audit, Peter holds Certified Information Systems Auditor, Certified in Risk and Information Systems Control and Associate Business Continuity Professional designations.

Gustavo Meschler, IS Eng, CISA, PMP, CRMA, ABCP leads our Enterprise Risk Services practice in Manitoba. He has approximately 20 years of experience in enterprise risk management, IT audit/ security and controls, technology planning and business continuity management.

Prior to joining MNP, he worked for a Big Four chartered accountancy firm overseeing the delivery of IT risk management and business continuity management services in Manitoba and Saskatchewan. Gustavo has extensive experience assisting clients with their governance, risk management, and internal audit needs including IT security and business improvement solutions. Working with a range of clients in the public sector, financial services, energy and insurance industry, Gustavo understands the unique challenges specific to each sector.

Gustavo is an Information Systems Engineer, Certified Information Systems Auditor, ITIL Certified Consultant, Certified in Risk Management Assurance, Incident Command System, Project Management Professional and Associate Business Continuity Professional.

Brian Drayton, FCA, CMC has more than 30 years of experience providing services to large and medium-sized businesses, as well as Crown Corporations. This includes external audit, internal audit assistance, corporate governance, risk management, forensic reviews and other business advisory services. Brian is well known for delivering practical, pragmatic solutions on issues as they arise and takes great pride in maintaining open and timely communication with senior management and Board of Directors.

Brian is also a current and active member of the Canadian Accounting Standards Board (AcSB). In that role, he is at the fore font of current developments in IFRS and Canadian accounting standards including those effecting rate regulated industries in Canada. As a member of the AcSB, he has helped shape the accounting transition for the unique industries in Canada. In addition, Brian chairs the Private enterprise Advisory Committee of the AcSB.

Brian is a fellow Chartered Accountant and Certified Management Consultant.

Peter Guo MBA, CA, CISA, CA•IT/CISA, CRISC, ABCP

Enterprise Risk Services Regional Leader, British Columbia

Gustavo Meschler IS Eng, CISA, PMP, CRMA, ABCP

Enterprise Risk Services Regional Leader, Manitoba

Brian Drayton, FCA, CMC

Enterprise Risk Services Regional Leader, Saskatchewan

17

Geoff Rodrigues, CA, ORMP, CIA, CRMA, has approximately 15 years of experience delivering customized solutions in internal audit, enterprise risk management, corporate governance and internal controls. Geoff specializes in helping companies maximize opportunities, reduce risk exposure and optimize their operations.

Geoff has worked with a diverse group of clients including large international corporations in a variety of industries such as manufacturing, telecommunications, insurance, health care, financial services, real estate and energy. Prior to joining MNP, Geoff’s risk management experience included conducting external audits for SEC reporting issuers, compliance audits and providing forensic and investigative accounting services.

Geoff is a Chartered Accountant , Certified Internal Auditor and Certified Operational Risk Management Professional. He holds a Bachelor of Commerce, Accounting and Finance degree and a Certification in Risk Management Assurance.

Walter Moschella, CPA, CA, CIA, CRMA, ICD.D is an experienced finance and accounting professional with over 30 years of business experience. Specialized in governance, strategy, risk, control and audit, he has led hundreds of assurance and advisory projects, the objectives of which were to assess the effectiveness and efficiency of business processes and to make recommendations aimed at improving governance and performance for organizations of various sizes in several industries.

A past president of the Montreal chapter of the Institute of Internal Auditors and the Internal Audit Committee of the Ordre des comptables agrées du Québec, Walter is presently a member of the Ordre des CPA du Québec, the IIA and the Institute of Corporate Directors. He is also a part-time lecturer at McGill University where he teaches Corporate Governance and Accounting.

Walter is a Chartered Professional Accountant, a Certified Internal Auditor and a Certified Director. He also holds a Certification in Risk Management Assurance.

Cliff Trollope, CBCP, CRM, CAS, has over 20 years of experience providing tailored solutions to public and private sector clients including emergency response, business continuity, crisis management, enterprise risk management and physical security. His background and leadership enables Cliff to identify risks and challenges and tailor solutions that help clients mitigate risk to achieve strategic goals.

Cliff has led risk and business continuity management projects for public and private sector organizations, including NATO and the United Nations. Prior to joining MNP, Cliff was a Business Continuity Leader at multi-national insurance company and an officer in the Canadian Forces for 23 years, specializing in planning and crisis management operations.

Cliff holds a Bachelor of Arts and a Master of Defence Studies from the Royal Military College of Canada. His professional certifications include Certified Business Continuity Professional, Canadian Risk Management and Certified Anti-Terrorist Specialist.

Geoff Rodrigues, CA, ORMP, CIA, CRMA

Enterprise Risk Services Regional Leader, Ontario

Walter Moschella CPA, CA, CIA, CRMA, ICD.D

Enterprise Risk Services Regional Leader, Quebec

Cliff Trollope, CBCP, CRM, CAS

Business Resilience Leader

18

Greg Draper, FCGA, DIFA, CFE, ICD.D, has over 20 years of experience in fraud risk management and response. Greg leads the firm’s forensic practice. Prior to joining MNP, Greg was a supervisor and senior investigator with the Royal Canadian Mounted Police, where he led complex international financial investigations.

Greg assists clients in mitigating and managing their legal, financial and reputation risks related to fraud and other ethical breaches. Greg conducts fraud risk assessments, develops incident response strategies, provides fraud awareness training, conducts due diligence, provides loss quantification and delivers asset tracing and litigation support. He has extensive experience conducting investigations related to fraud, conflicts of interest and employee misconduct.

Greg is a Certified General Accountant and Certified Fraud Examiner, and holds a graduate diploma in Investigative and Forensic Accounting. He is a court-recognized expert in financial crime investigations, and is a past member of the Audit Committee for the City of Calgary.

Maggie Kiel, CIA, MBA, ABCP, CRMA, has over 20 years of experience providing customized solutions in corporate governance, enterprise risk management and internal audit services. Prior to joining MNP, Maggie was a partner with a Big Four chartered accountancy firm, leading their risk management and internal audit practice in Northern Australia, Papua New Guinea and most recently Russia.

Maggie has provided corporate governance, ERM and internal audit solutions on an international scale to a wide range of industries, including energy and resources, telecommunications, financial services and the public sector. Among her other key areas of expertise are implementation assistance in relation to International Financial Reporting Standards, fraud reviews and forensic investigations and Sarbanes-Oxley readiness and attestation services.

Maggie is a Chartered Accountant (Aust) as well as a Certified Internal Auditor. She holds a Master of Professional Accounting, a Master of Business Administration and a Certification in Risk Management Assurance.

Trac Bo, CA, CISA, CGEIT, CRISC, ABCP, has over 15 years of assurance, governance and technology risk experience. Prior to joining MNP, he was a senior practice leader with a Big Four chartered accountancy firm.

With an in-depth understanding and application of security, risk management and control frameworks, Trac has extensive experience assisting clients to implement controls, improve IT governance, and protect against security threats and vulnerabilities. He has worked internationally in the United States and the Cayman Islands and his clients represent the financial services, energy and resources, transportation, manufacturing industries and the public sector.

Trac is a Chartered Accountant, Certified Information Systems Auditor, Certified in the Governance of Enterprise IT, and Certified in Risk and Information Systems Control. He also holds a Bachelor of Commerce (Honours) degree and is an Associate Business Continuity Professional.

Greg Draper FCGA, DIFA, CFE, ICD.D

Forensics Leader

Margriet Kiel CIA, MBA, ABCP, CRMA

Governance & Risk Management Leader

Trac BoCA, CISA, CGEIT, CRISC, ABCP

Technology Risk Services Leader

19

For more information on MNP’s suite of Enterprise Risk Services, contact:

Gordon Chan, CA, CFE, CRMA National Enterprise Risk Services Leader T: 403.537.8429 E: gordon.chan@mnp.ca

Scott Crowley, MBA, FRM, CPP, CBCP Enterprise Risk Services Leader, Eastern Canada T: 416.260.3277 E: scott.crowley@mnp.ca

Mariesa Carbone, CA, ABCP, CRMA Enterprise Risk Services Regional Leader, Alberta T: 780.453.5377 E: mariesa.carbone@mnp.ca

Peter Guo, MBA, CA, CISA, CA•IT/CISA, CRISC, ABCP Enterprise Risk Services Regional Leader, British Columbia T: 604.637.1513 E: peter.guo@mnp.ca

Gustavo Meschler, IS Eng, CISA, PMP, CRMA, ABCP Enterprise Risk Services Regional Leader, Manitoba T: 204.927.3097 E: gustavo.meschler@mnp.ca

Brian Drayton, FCA, CMC Enterprise Risk Services Regional Leader, Saskatchewan T: 306.530.1581 E: brian.drayton@mnp.ca

Geoff Rodrigues, CA, ORMP, CIA, CRMA Enterprise Risk Services Regional Leader, Ontario T: 416.515.3800 E: geoff.rodrigues@mnp.ca

Walter Moschella, CPA, CA, CIA, CRMA, ICD.D Enterprise Risk Services Regional Leader, Quebec T: 514.228.7934 E: walter.moschella@mnp.ca

Cliff Trollope, CBCP, CRM, CAS Business Resilience Leader T: 416.515.3851 E: cliff.trollope@mnp.ca

Greg Draper, FCGA, DIFA, CFE, ICD.D Forensics Leader T: 403.537.7679 E: greg.draper@mnp.ca

Margriet Kiel, CIA, MBA, ABCP, CRMA Governance & Risk Management Leader T: 403.537.7624 E: maggie.kiel@mnp.ca

Trac Bo, CA, CISA, CGEIT, CRISC, ABCP Technology Risk Services Leader T: 403.537.8396 E: trac.bo@mnp.ca

Praxity, AISBL, is a global alliance of independent firms. Organized as an international not-for-profit entity under Belgium law, Praxity has its administrative office in London. As an alliance, Praxity does not practice the profession of public accountancy or provide audit, tax, consulting or other professional services of any type to third parties. The alliance does not constitute a joint venture, partnership or network between participating firms. Because the alliance firms are independent, Praxity does not guarantee the services or the quality of services provided by participating firms.