Frequently Asked Questions

  • You came to the right place. It is overwhelming, and chances are your employees are already using AI, even if you’re not officially providing them with AI tools. This topic is complex, emotional, and requires careful assessment. We help our clients in a variety of aspects as it relates to AI. A governance structure is crucial to managing the risks AI introduces, as well as the risks it can potentially mitigate. We believe AI can be a superpower and provide competitive edge, but it must be managed and controlled. For example, we can assess where AI may be helpful, the controls that are needed to ensure the AI output is accurate, mitigate against AI bias, control for “moral distancing”, and ensure there is a clear communication and training program for AI within your organization.

  • Based on a global survey of >4,000 companies, conducted by the Internal Audit Foundation and the European Confederation of Institutes of Internal Auditing, the top 5 risks are:

    1. Cybersecurity

    2. Digital Disruption (including AI)

    3. Business Resilience

    4. Human Capital

    5. Regulatory Change

    We help companies assess their top risks, design appropriate controls, identify data and metrics to provide insight on the prioritized risks, and define roles and responsibilities to ensure ongoing monitoring and execution of the risk program. Don’t get lost in the jargon; that is why we are here to help!

  • We support a wide range of organizations, including (but not limited to):

    • Professional services

    • Financial services

    • Nonprofits

    • Startups

    • Healthcare

    • Tech companies

    • Small and midsize businesses across industries

    Our expertise is in risk management and culture and can be applied to any industry. The customized frameworks are adaptable to any organization that values ethical leadership, strong culture, and effective risk management.

  • A risk management consultant helps organizations identify, assess, and reduce risks that could impact operations, people, culture, reputation, or financial stability. We provide expert guidance on risk assessments, risk frameworks, controls, culture health, compliance programs, and conduct risk, helping you build a resilient and ethical organization.

  • Great question! People often think of so many different types of risk when they hear the term “risk management”. We are assessing and prioritizing the inherent risks a company faces by doing business. For example, if you have employees, you have operational risk. If you use systems, you have technology and likely cybersecurity risk. If you use AI, you have AI risk. We help our clients determine what risks they face and then prioritize them. This allows organizations to focus their resources efficiently.

  • Small and midsize businesses face many of the same risks as large enterprises, just with fewer resources. A risk consultant helps you simplify risk management, implement practical controls, and avoid costly mistakes such as fraud, compliance violations, culture breakdowns, or operational disruptions. Learn more about our services here.

  • A risk assessment identifies the key risks that could affect your business goals, along with their likelihood and impact. This is the foundation for effective risk management, strategic decision-making, and resource allocation. It helps you focus on what matters most so you can operate with confidence.

  • Absolutely. We provide audit readiness support, review your current controls, identify gaps, and help you strengthen documentation and processes. We are also available to provide support during audits, and to address any findings after the review is completed. Our approach helps organizations feel confident and reduce stress during reviews.

  • Yes. Risk management focuses on identifying and reducing risks that may impact your strategy or operations. Compliance ensures your organization meets legal, ethical, and regulatory requirements. Together, they create a strong governance structure that protects your business from financial, legal, and reputational harm.

  • Our project-based engagements average 60–90 days, depending on size and scope. Implementation of large, complex projects may take more time. We specialize in simple, practical frameworks and always consider client timing needs.

  • Risk culture refers to the mindsets, behaviors, and norms that influence how employees identify, escalate, and manage risk. A strong risk culture supports ethical behavior, transparency, and accountability. A weak risk culture leads to misconduct, breakdowns in communication, and preventable failures.

  • We use a combination of interviews, surveys, behavioral indicators, data analytics, and leadership insights to understand the health of your culture. We identify strengths and opportunities and get to the root cause of concerns to improve trust, psychological safety, communication, and alignment with organizational values.

  • Yes. We help organizations diagnose cultural friction points, rebuild trust, and create a healthy, ethical, high-performing culture. This often includes customized employee training, promoting open communication, addressing conduct risks, and developing long-term culture change plans.

  • Conduct risk refers to internal behaviors that may cause harm to customers, employees, or the organization. Examples include unethical decisions, policy violations, lack of accountability, or poor leadership tone. Most organizations, especially growing ones, have some level of conduct risk. We help you identify, measure, and mitigate these risks before they become costly problems.

  • Pricing depends on the scope, size of your organization, and whether you need:

    • a specific project (e.g., risk assessment, culture assessment)

    • an ongoing advisor

    • fractional risk officer (FRO) support

    We offer flexible, transparent pricing tailored to client needs.

  • Yes. We help you build a workplace where people feel safe raising concerns and sharing ideas without fear of retaliation. A healthy speak-up culture improves ethics, accountability, trust, and decision-making.

  • Yes. Many clients choose recurring support to maintain visibility, track emerging risks, and sustain culture health.

  • We (Ally and Angie) are the owners and operators of Ross + Schuda. For larger, more complex projects, or those that require specialized expertise, we are able to tap into a carefully-vetted network of professionals to ensure the best service is provided to our clients. These arrangements are disclosed up front to our clients.

  • The first step is to contact us so we can schedule an introductory conversation to understand your goals and challenges. From there, we recommend a practical, tailored approach that fits your budget, timeline, and organizational needs.

Contact