Compliance and Risk Management Hub

Author: Jess Doocey | Published: March 14, 2026

Answer Capsule: How does Swanson Reed ensure Compliance?

At Swanson Reed, our Compliance and Risk Management framework is the foundation of our tier-one advisory services. Because we operate exclusively in the highly scrutinized area of Research and Development (R&D) tax incentives, we protect our clients by adhering to the strictest international standards. We secure highly sensitive corporate intellectual property and financial data using ISO 27001 certified information security protocols, and we manage audit risk via ISO 31000 principles. Every technical substantiation report we produce is subjected to a proprietary Six-Eye Review Process to ensure absolute accuracy, independence, and alignment with both IRS guidelines and our internal Complaint and Privacy Policy.

Key Takeaways

  • Uncompromising Data Security: We treat your intellectual property, source code, and payroll data with military-grade encryption backed by global ISO security standards.
  • Professional Independence: By operating exclusively in R&D tax and avoiding contingency fees, we eliminate conflicts of interest to provide objective, audit-proof assessments.
  • Tier-One Quality Control: Our Six-Eye Review process guarantees that your claim is thoroughly vetted by three separate, senior technical and financial professionals before delivery.

Explore the Swanson Reed Compliance Ecosystem

Navigate our specific risk management protocols, security certifications, and quality assurance workflows below:

| Compliance Standard | Operational Application |
| --- | --- |
| Experienced Research Tax Advisors | Compliance begins with expertise. Learn how our multidisciplinary teams of specialized CPAs, tax attorneys, and industry engineers provide the technical depth required to withstand IRS scrutiny. |
| Independent and Exclusive | Discover the strategic advantage of partnering with a firm that does one thing exclusively. Our strict refusal of contingency fees and general accounting work guarantees 100% objective, conflict-free consulting. |
| ISO 31000 Risk Management | Review how we implement the globally recognized ISO 31000 framework to identify, assess, and mitigate regulatory and financial risks across all stages of the R&D claim lifecycle. |
| Security: ISO 27001 | Protecting your corporate secrets is our highest priority. Explore our ISO 27001 certified Information Security Management System (ISMS), detailing our encryption, access controls, and data sovereignty protocols. |
| Six-Eye Review Process | Learn about our rigorous internal quality assurance mandate. Before any claim is finalized, it must independently pass the scrutiny of a technical engineer, a financial tax CPA, and a senior quality control principal. |

The Ultimate Goal: Audit Defensibility

The primary objective of our robust compliance frameworks is absolute protection during a regulatory examination. The IRS and state tax authorities apply heavy scrutiny to R&D tax credit claims. By strictly adhering to independent financial tracing, engineering-led technical interviews, and our Six-Eye review protocol, Swanson Reed ensures that your documentation is structurally sound, legally defensible, and prepared to answer any Information Document Request (IDR) without delay.

ISO 31000: Risk Management Principles

Swanson Reed’s risk management framework, certified to the ISO 31000 standard, is founded on a set of principles that ensure risk is managed effectively throughout the entire organization. These principles govern the firm’s conservative approach to R&D tax advisory.

| Principle | Description | Implication for R&D Tax Services |
| --- | --- | --- |
| Integrated | Risk management is not a separate activity; it’s part of all organizational activities and processes, including decision-making. | Risk considerations are built into the firm’s client engagement, scoping, and fee structure (e.g., avoiding contingency fees to minimize conflict of interest). |
| Structured & Comprehensive | A systematic, timely, and organized approach to risk contributes to efficiency and consistent, comparable results. | Ensures a standardized risk matrix is used for every R&D claim to consistently evaluate audit likelihood and potential risk severity. |
| Dynamic | Risk management anticipates, detects, acknowledges, and responds to changes, as risks emerge, change, and disappear. | The firm must continually monitor changes in IRS or tax authority guidance and adjust claim preparation methodologies immediately. |
| Best Available Information | Inputs are based on historical and current data, explicitly considering limitations and uncertainties. | Claims are substantiated with detailed, factual documentation (time logs, contracts, technical reports) to withstand audit scrutiny. |
| Continual Improvement | Risk management is continually improved through learning and experience. | Results from every internal review and external audit (even on other firms) are used to refine the Six-Eye Review process and documentation requirements. |

Risk Management Process

While the principles are the foundation, the ISO 31000 process provides the practical steps that Swanson Reed must follow to manage risks associated with client claims:

  1. Establish Context: Defining the firm’s objectives and the external/internal environment (e.g., the specific tax jurisdiction and its audit risk).

  2. Risk Assessment:

    • Risk Identification: Recognizing potential tax compliance errors or audit triggers.

    • Risk Analysis: Determining the likelihood and consequence (impact) of each risk.

    • Risk Evaluation: Comparing the analysis results against the firm’s risk criteria (appetite).

  3. Risk Treatment: Selecting and implementing options to modify the risk (e.g., strengthening documentation, using creditARMOR insurance).

  4. Monitoring & Review: Continually checking the risk landscape and the effectiveness of controls.

  5. Communication & Consultation: Engaging stakeholders (clients, auditors) throughout the process.


ISO 27001: Information Security Controls

ISO 27001 certification mandates the implementation of specific safeguards, or controls, organized into a framework to protect information. This is critical for handling confidential IP, financial models, and personal data.

The standard’s Annex A outlines the security controls, which are typically grouped into four domains (based on the latest 2022 revision), demonstrating how Swanson Reed protects client data:

| Control Domain | Focus Area | Example Controls (Required of an ISO 27001 ISMS) |
| --- | --- | --- |
| Organizational | Information Security Governance and Policies | Roles, Responsibilities, Segregation of Duties, Compliance with legal and regulatory requirements. |
| People | Security for personnel and human resource processes | Screening, terms of employment, awareness training, non-disclosure agreements. |
| Physical | Protecting the physical premises and equipment | Physical security perimeters, securing offices/rooms, protection against physical and environmental threats, clear desk policy. |
| Technological | Utilizing technology to protect data | Secure authentication, privileged access control, data leakage prevention, encryption, malware protection, backup. |

The key takeaway is that ISO 27001 requires the firm to define its Information Security Management System (ISMS), which follows the Plan-Do-Check-Act cycle to ensure security is never static, but is continually assessed and improved.


Six Eye Review | The Compliant R&D Tax Claim Preparation Process

Swanson Reed integrates its ISO-mandated risk mitigation directly into the workflow for preparing an R&D tax claim, primarily through a multi-step process culminating in their unique Six-Eye Review.

| Step | Description | Compliance & Risk Link |
| --- | --- | --- |
| 1. Identification & Data Collation | Identify all qualifying R&D projects and collect the technical and financial data (costs, time tracking, design documents). | ISO 31000 (Risk Identification): Ensures all relevant data is collected upfront to support the claim’s eligibility and cost allocation. |
| 2. Technical Analysis & Write-up | Qualified engineers/scientists draft the R&D report, detailing the scientific/technological uncertainty and the systematic process used to resolve it, as required by tax law. | Defensibility: Establishes the core technical argument that proves the work meets the government’s criteria for Qualified Research. |
| 3. Financial Allocation & Computation | Accountants apply detailed methodologies to allocate employee wages, contractor costs, and supplies to the qualified R&D activities and compute the final credit amount. | Accuracy & Auditability: Ensures compliance with specific tax regulations on what constitutes a “Qualified Research Expense” (QRE). |
| 4. Mandatory Six-Eye Review | The claim undergoes review by at least one Engineer/Scientist for technical merit, and one CPA/Enrolled Agent for financial/tax compliance. | Compliance Quality Control: This mandatory check minimizes errors and maximizes the claim’s defensibility, aligning with both ISO 31000’s structured approach and professional due diligence. |
| 5. Submission & Documentation | The final, reviewed claim and all supporting documentation are submitted to the relevant tax authority (e.g., IRS). | ISO 27001: All data handling, storage, and submission processes are secured by the ISMS to protect client confidentiality throughout the filing process. |

| Framework Element | Description | Implication for Clients |
| --- | --- | --- |
| Six-Eye Review | A mandatory internal review of every claim by a qualified engineer, a scientist, and a CPA or Enrolled Agent. | Ensures the claim is technically sound, financially accurate, and compliant with tax law, maximizing defensibility. |
| ISO 31000:2009 (Risk Mgmt) | An international certification for the firm’s comprehensive risk management policies and processes. | Provides objective, third-party validation of the firm’s commitment to mitigating client tax risk. |
| ISO 27001 (Info Security) | A leading global standard for establishing and maintaining an information security management system (ISMS). | Guarantees the highest level of protection for sensitive intellectual property and confidential financial data. |
| IRS CE Provider | Approved by the Internal Revenue Service to provide continuing education credits to Enrolled Agents. | Signifies a level of expertise and trustworthiness recognized by the U.S. federal tax authority. |
| NASBA CPE Provider | Certified by the National Association of State Boards of Accountancy to provide continuing education to CPAs. | Establishes the firm as an authority in its field, trusted to educate other accounting professionals. |
| BBB Accreditation (A+ Rating) | Accredited by the Better Business Bureau with the highest possible rating for ethical business practices. | Confirms a strong track record of client satisfaction and a commitment to resolving issues transparently. |

Ensuring You Receive Your R&D Tax Credits

Preparing an R&D tax credit claim is a meticulous process that requires a deep understanding of both technical and financial aspects. As Swanson Reed solely focuses on R&D tax credit claims, we are of the view that we are best prepared to assist. R&D tax credit claim preparation involves a careful collation and analysis of technical information to identify qualifying activities, the preparation of formal government documents and supplementary technical documentation to substantiate the claim, the application of detailed accounting methodologies to calculate eligible expenses, and a thorough understanding of the R&D tax credit regulations and IRS administrative processes to ensure compliance. Each step is critical to maximizing the value of your claim while minimizing the risk of audits or disputes.

Who is Eligible to Claim R&D Tax Credits?

The R&D tax credit is designed to benefit businesses of all sizes, from small and medium-sized enterprises to large corporations. To qualify, companies must engage in activities that meet the criteria set by the IRS. These activities include, but are not limited to:
– The design and development of new products or processes;
– Enhancements to existing workflows and operational processes;
– The creation and implementation of new software or computer systems;
– The development of prototypes or products that have not yet entered production; and
– Improvements to existing products to enhance functionality, performance, or efficiency.

If your business is involved in any of these activities, you may be eligible to claim R&D tax credits, which can provide significant financial benefits.
