
A Strategic Approach to Protecting Your Organization
Enterprise Security Risk Management (ESRM) is more than a security program—it is a strategic framework that integrates all aspects of security into an organization’s overall business strategy. Properly implemented, ESRM establishes partnerships between security professionals and the asset owners responsible for safeguarding people, property, data, and financial resources.
RSA Risk Management & Investigations, PLLC applies ESRM to help organizations across government, nonprofit, and corporate sectors identify, mitigate, and prevent risks. Unlike siloed approaches that treat physical, cyber, and financial security separately, RSA employs a holistic methodology designed to protect the organization from every angle.
Our professionals—retired federal agents, certified fraud examiners, and security specialists—align ESRM principles with your strategic objectives, enabling informed decision-making that strengthens resilience, preserves value, and advances your mission.
RSA’s Enhanced ESRM Framework
Traditional ESRM covers physical security, information security, crisis management, investigations, and personnel security. RSA goes further by incorporating:
Internal Controls Reviews and Testing – evaluating weaknesses that expose organizations to financial loss or fraud
Certified Fraud Examinations – identifying misappropriation, embezzlement, or financial irregularities before they escalate
Policy and Procedure Drafting – strengthening governance and ensuring clear guidance for security, compliance, and risk prevention
The Value of RSA’s ESRM Approach
RSA’s retired federal agents and certified professionals bring a perspective shaped by decades of high-stakes investigations and security operations. Clients benefit from comprehensive coverage across physical, cyber, and financial domains, all addressed within a unified framework.
The team emphasizes proactive prevention by testing and strengthening internal controls before losses occur, while leveraging investigative expertise—including interviews, fraud examinations, and forensic analysis—to uncover hidden risks. When risks escalate into incidents, RSA provides seamless liaison with outside counsel, regulators, and law enforcement. More than identifying risks, RSA equips organizations with actionable strategies to mitigate them and safeguard their ability to operate.
The ESRM Cycle in Action

RSA employs the ESRM cycle—a continuous process of identifying, evaluating, mitigating, and monitoring risks. This ensures that risk is placed in the proper context, with protective actions prioritized to enable the organization’s mission rather than obstruct it.
Identify – Understand the assets at risk and the potential threats facing the organization.
Evaluate – Analyze likelihood, impact, and exposure across all domains of security.
Mitigate – Implement targeted solutions that reduce risk, ranging from access controls and cybersecurity defenses to financial oversight and fraud prevention.
Monitor – Continuously test, measure, and adjust controls as risks evolve.
By cycling through these stages, RSA ensures that risks are not only managed but also aligned with strategic goals.
The Five Cornerstones of Risk Management
RSA builds its ESRM services on five globally accepted risk management principles:
Risk Avoidance – Eliminate opportunities for loss, such as designing new facilities with secure layouts, hardened systems, or segregated controls.
Risk Spreading – Diversify and distribute assets so that no single event—whether physical or cyber—can eliminate organizational capacity.
Risk Transfer – Use insurance and contractual agreements to shift risk where appropriate, forming part of a comprehensive strategy.
Risk Reduction – Decrease vulnerabilities through layered security controls, policy enforcement, cybersecurity measures, employee awareness programs, and financial control mechanisms.
Risk Acceptance – Acknowledge residual risks once all other methods are applied and ensure leadership makes informed decisions on tolerances.


How RSA Strengthens Every Domain of Security
Physical Security
RSA assesses access controls, surveillance, intrusion detection, and crisis response procedures. We identify vulnerabilities in facilities and operations, ensuring that people, property, and infrastructure are safeguarded against threats ranging from theft to workplace violence.
Cybersecurity
RSA’s cybersecurity specialists evaluate networks, systems, and digital assets for vulnerabilities. We help organizations strengthen defenses against hacking, ransomware, and data breaches while aligning cybersecurity protocols with broader business objectives.
Financial Security
Where RSA stands apart is in the integration of forensic accounting and fraud prevention into the ESRM model. Our team uses:
Forensic Accounting Techniques to test books and records for manipulation
Data Analytics and AI Tools to identify unusual transactions, undisclosed accounts, or fraudulent activity
Fraud Examinations to proactively uncover red flags of embezzlement, defalcation, or misappropriation
By merging financial risk management with security principles, RSA ensures that fraud and internal misconduct are addressed alongside external threats.

Act Before Risk Becomes Loss
Security risk management cannot be reactive. Organizations that adopt ESRM proactively protect their assets, reputation, and long-term viability. By partnering with RSA, businesses, nonprofits, and government entities gain access to a team of federally trained investigators, fraud examiners, and security professionals who understand how to integrate protective measures across all domains of risk.
Get To Know Us
Meet Your Dream Team

Stuart G. Berman
Principal and Co-Founder
Stuart G. Berman, CFE, PSP, CAMS, is the Principal and Co-Founder of RSA Risk Management & Investigations, PLLC. Prior to co-founding RSA, Stuart was an award-winning Special Agent in Charge, where he supervised the regional criminal, civil, and administrative investigative program covering six Midwestern states and 12 judicial districts.

Michael De Meo, MAFF
Principal and Co-Founder
Michael De Meo is Principal and Co-Founder of RSA Risk Management & Investigations. Prior to co-founding RSA, Michael was a Senior Special Agent with the General Services Administration (GSA), Office of Inspector General (OIG). Michael’s record is one of consistent accomplishment in leadership and investigations, and he has led several multi-agency criminal and civil investigations.

Denise Dohanic
Director
Denise has 26 years of federal service with U.S. Pretrial Services and U.S. Probation in the districts of Colorado and Arizona. She has served as a supervisor, contract services officer, program development coordinator, and line officer. As a pretrial/probation officer, Denise supervised pretrial defendants as well as probation and post-conviction offenders.

