Value Management Solutions helps PE firms and portfolio companies build GRC programs that protect enterprise value, satisfy LP due diligence, and maximize exit multiples — backed by 25 years of advisory experience, co-ownership of Lazarus Alliance Compliance (SOC 1/2/3), a licensed ERM methodology, and the world's first AI auditor.
Primary advisory relationship. Michael Corcoran, CPA — 25+ years advising public and private companies on GRC, ERM, and risk governance.
SOC 1, SOC 2 & SOC 3 attestations. Co-owned with Michael Peters of Lazarus Alliance — 26 years in proactive cybersecurity.
World's first AI auditor. FedRAMP-authorized platform. Gartner "Best Value GRC Software." 100+ auto-mapped frameworks.
Objective-centric ERM methodology licensed from Tim Leech — IIA top 10 risk thought leader of the decade globally.
Most portfolio companies inherited governance and risk programs built for a different era. That gap shows up in diligence, in reporting, and in exit negotiations — as real dollars off the valuation.
Control weaknesses, undocumented risk exposures, and compliance gaps discovered after close become unexpected remediation costs — often 3–5× what proper diligence would have cost upfront.
Management teams spending cycles on compliance firefighting and repeat audit findings instead of EBITDA growth. SOC reports that don't exist. Controls that haven't been designed or tested.
Strategic buyers scrutinize governance maturity. A weak GRC posture — even with strong financials — gives buyers leverage to reprice or walk away. A clean SOC 2 and documented ERM program does the opposite.
Scoped for PE timelines — not multi-year enterprise retainers. Every service is designed to create a tangible improvement in your portfolio company's risk posture and enterprise value.
We design governance, risk, and compliance programs from the ground up — policy architecture, control frameworks, board reporting, and compliance calendars. Built to satisfy sophisticated buyers and LP reporting requirements without creating bureaucratic drag on management.
We implement the Risk Oversight Solutions objective-centric ERM methodology — licensed from Tim Leech, IIA top 10 risk thought leader globally. Deliverables include risk registers, risk appetite statements, heat maps, and executive dashboards proven at Shell, Microsoft, RBC, and KPMG in 22 countries.
Through Lazarus Alliance Compliance — co-owned with Michael Peters of Lazarus Alliance — we conduct SSAE 18 SOC examinations across all three report types and all five Trust Service Criteria. Type I and Type II. Powered by Continuum GRC's A.ITAM platform for faster, technology-driven audits.
Pre-close GRC assessment scoped to your deal timeline. We identify control gaps, compliance exposures, and governance liabilities before they become reps & warranties claims. Post-close, we lead the integration and remediation workstream.
Outsourced and co-sourced internal audit for portfolio companies that don't need — or aren't ready for — a full in-house function. Big Four methodology, boutique responsiveness, and direct reporting to your audit committee.
12–24 months before your anticipated exit, we run the full buyer-side playbook — finding every governance or compliance issue a buyer's advisor will find, and fixing it before they do. Includes SOC report procurement, ERM documentation, controls remediation, and management presentation support.
Our work is designed to fit the PE lifecycle — with different deliverables optimized for each phase of the hold period, all available through one advisor relationship.
Control weaknesses discovered in diligence typically result in a 5–15% valuation reduction or deal restructuring. A clean SOC 2, documented ERM program, and buyer-ready governance package can have the opposite effect — and VMS can deliver all three.
Most advisors can tell you what SOC 2 requires. We can hand you a signed report. That's the difference co-ownership of Lazarus Alliance Compliance makes — no vendor management, no re-explaining your environment, no delay at a critical moment in the deal.
Continuum GRC's A.ITAM — the world's first AI auditor — automates compliance assessment and evidence management. For portfolio companies working against hold-period deadlines, that speed is a real economic advantage.
Our ERM work is grounded in the Risk Oversight Solutions methodology — licensed from Tim Leech, and tested at the world's most demanding organizations including Shell, Microsoft, RBC, and KPMG in 22 countries.
The primary advisory relationship. 25 years of direct experience advising public and private companies on GRC, ERM, internal audit, and risk governance — at the CFO, CAE, and board level. Georgetown-educated. Every engagement led personally by Michael.
Michael co-owns Lazarus Alliance Compliance with Michael Peters — founder of Lazarus Alliance, a 26-year-old proactive cybersecurity firm trusted by Cisco, Iron Mountain, KPMG, and hundreds more. Together they deliver SOC 1, 2, and 3 attestations as a licensed CPA firm.
The world's first AI auditor. Continuum GRC's A.ITAM is the only FedRAMP-authorized GRC platform on the planet, with 100+ auto-mapped frameworks, real-time compliance dashboards, and AI-driven audit automation. Named Gartner "Best Value GRC Software."
VMS licenses the Risk Oversight Solutions objective-centric ERM methodology — developed by Tim Leech, named one of the top 10 internal audit and risk thought leaders of the decade by the IIA. Licensed to KPMG in 22 countries and implemented at Shell, Microsoft, RBC, and hundreds of global organizations.
Michael's professional colleagues include four of the most recognized and credentialed names in the global GRC, internal audit, and risk management community — a network built over decades of shared practice and mutual respect.
The analyst who coined and defined the term "GRC" at Forrester Research in 2002. Founder of GRC 20/20 Research, former Forrester VP and Top Analyst, OCEG Fellow, and contributor to U.S. Congressional reports on governance and compliance.
Former Global Chairman of the IIA (2013–14) and former Chairman of COSO. Former VP and Chief Audit Executive at Georgia-Pacific. Inducted into the IIA American Hall of Distinguished Practitioners. Named one of the 100 Most Influential People in Finance by Treasury & Risk Magazine. Author of four books.
CPA, CRMA. Over 20 years as Chief Audit Executive and Chief Risk Officer at major global corporations. Inducted into the IIA American Hall of Distinguished Practitioners (2018). Honorary Fellow of the Institute of Risk Management. Author of 12 books on risk management, internal audit, and governance.
Founder and CEO of Risk Oversight Solutions. Named one of the top 10 internal audit and risk thought leaders of the decade globally by the IIA. Pioneer of objective-centric, management-driven risk methodology — which VMS licenses and has practiced since 2002.
Michael Corcoran founded Value Management Solutions on a conviction built over 25 years of practice: that well-designed GRC programs don't just protect companies — they create measurable competitive advantage and real enterprise value.
A Georgetown graduate and CPA, Michael has spent his career advising public and private companies at the CFO, Chief Audit Executive, and board level — across financial services, defense, technology, manufacturing, and healthcare. Every engagement is led by Michael personally.
Through co-ownership of Lazarus Alliance Compliance with Michael Peters, a licensed ERM methodology from Risk Oversight Solutions, and access to the Continuum GRC A.ITAM platform, VMS delivers a level of integrated capability that no solo advisory practice can match.
Michael's professional colleagues include Michael Rasmussen (the Father of GRC), Paul Sobel (former IIA Global Chairman and COSO Chairman), Norman Marks (IIA Hall of Distinguished Practitioners), and Tim Leech (IIA top 10 risk thought leader of the decade).
Bachelor's degree from Georgetown University. Certified Public Accountant. Deep technical grounding in audit, internal controls, financial reporting, and risk frameworks including COSO, COBIT, ISO 31000, and NIST.
A career built at the CFO, CAE, and board level — across financial services, defense, technology, manufacturing, and healthcare. Direct experience with companies from early-stage through Fortune 1000.
Co-owns Lazarus Alliance Compliance with Michael Peters, founder and owner of Lazarus Alliance — a 26-year-old cybersecurity firm conducting SOC 1, 2, and 3 attestations and the full stack of cybersecurity audit and compliance services.
Licenses and practices the objective-centric ERM methodology developed by Tim Leech of Risk Oversight Solutions — in continuous practice since 2002, and proven at Shell, Microsoft, RBC, KPMG in 22 countries.
Specialized knowledge in CMMC Level 1–3, SPRS scoring, DFARS, NIST SP 800-171, and regulated industry compliance — directly relevant for PE firms with defense, government, or highly regulated portfolio holdings.
We typically begin with a complimentary 60-minute discovery call. We'll assess your current GRC posture across the portfolio, identify the highest-priority gaps, and give you a clear picture of what addressing them is worth in terms of risk reduction and exit value.