Our engagements are deliberate.
We work with a small number of clients at a time, and each engagement follows a defined path from first conversation to delivered finding. The timelines below assume a client who can make stakeholders and documentation available without prolonged delay. Mature participation is what keeps an engagement on schedule.
Private Briefing
A confidential, no-obligation conversation to understand the mandate, the constraints, and the people involved. We use it to determine whether the engagement is one we are suited to, and whether we are the right firm for it.
A shared written summary of the mandate as we understand it, and an honest view of fit.
A single session, typically within one business day of your request.
A general description of the problem and the regulatory environment. No protected material is exchanged at this stage.
Scoping and Proposal
We translate the briefing into a written engagement scope. This document sets out objectives, deliverables, timeline, fee basis, and the boundaries of the work, so that nothing is ambiguous once we begin.
A written scope and proposal, and a draft engagement letter.
3 to 5 business days after the briefing.
Confirmation of objectives, the stakeholders who will participate, and any fixed deadlines the engagement must respect.
Onboarding and Access
Before substantive work begins, we put the formal and practical arrangements in place. This covers execution of the engagement letter and any non-disclosure agreement, and the setup of a secure environment for the exchange of documents.
An executed engagement letter and NDA, a secure data room, and a confirmed schedule of stakeholder sessions.
1 to 2 weeks.
Signature authority on both documents, and a named internal point of contact who can coordinate access and scheduling.
Assessment and Analysis
The core of the engagement. We conduct stakeholder interviews, review documentation, and map your controls against the relevant obligations, building a clear picture of where risk sits and where gaps exist. For organizations operating across the Canadian and United States line, jurisdictional exposure is examined as part of this work rather than as an afterthought.
An internal working analysis and a preliminary register of findings.
2 to 6 weeks, depending on scope and the number of systems in review.
Access to relevant documentation, availability of named stakeholders for interview, and timely answers to written follow-up questions.
Findings and Recommendations
We deliver our conclusions in a form a board can act on. The findings memorandum is written for accountable readers, general counsel, risk committees, and senior management, and is paired with a remediation roadmap that ranks what matters by consequence and sequence.
A board-ready findings memorandum, and a prioritized remediation roadmap with indicative timelines.
1 to 2 weeks after the close of assessment.
Availability for a findings presentation, and confirmation of who should receive the final materials.
Remediation Support
For clients who want it, we remain engaged through execution, advising on control design and reviewing progress against the roadmap. This phase is scoped separately, and only when there is a clear reason for our continued involvement.
Ongoing advisory, control design review, and periodic progress checkpoints.
Defined by the remediation plan, typically on a monthly retainer.
An internal owner for the remediation program, and access to the teams responsible for execution.
Every engagement begins with a private briefing.
If the problem above resembles yours, we would welcome a confidential conversation about it.