Personalized Service. Enterprise Depth.
EisnerAmper brings 30+ years of sports and entertainment expertise, deep NFL business model fluency, and a partner-led team designed to deliver across all seven audit verticals simultaneously.
The NFL isn't looking for an internal auditor. It's looking for a partner that understands the League and shows up that way every single day.
The NFL is seeking a qualified internal audit partner to serve as the operational backbone of a complex, multi-vertical audit program covering approximately 50 to 55 engagements annually. The selected firm must demonstrate not just technical audit competence, but a deep understanding of the NFL's unique business model: the economics of a 32-franchise private league, revenue sharing mechanics, and the operational rhythms of a year-round sports enterprise.
~11 to 12 engagements per year
~10 engagements per year
~20 engagements per year
~50 engagements per year
~250 days per year
2 to 3 engagements per year
~25 days per year
You will come to know your partners. They will know your business. The same team that wins this engagement closes it. Institutional knowledge compounds. We are here for that.
We are not a national firm with a New York outpost. We are a New York firm, 6th largest in this market, with deep roots in the city's sports, media, and financial communities. Our engagement leadership is minutes from 345 Park Avenue. When the NFL needs to meet, there is no flight to book.
Running multiple engagements across verticals demands a firm with depth for parallel workstreams, the expertise to move between a club financial review and a stadium cybersecurity assessment, and surge capacity to absorb scope changes. Named partners are personally accountable for every deliverable.
At the largest firms, a client like the NFL is managed. At EisnerAmper, it is served. Our Sports & Entertainment, Risk & Compliance, Royalty Audit, and IT Risk professionals treat serving you as our priority.
Most Recommended Accounting Firm, USA Today, two consecutive years. Best Firm for Technology, Accounting Today, 2025. Not self-assessments. The judgments of clients and peers who have compared us against every firm in this market.
Methodology, operating models, and an NFL-organization-aware delivery framework designed to manage complex, multi-workstream engagements holistically.
We apply a centralized engagement portfolio management approach that aligns scope, timelines, risks, and stakeholder communications across all activities, supported by standardized reporting, issue escalation protocols, and integrated milestone tracking.
Our approach begins by developing a deep understanding of the organization (its operating model, governance structure, objectives, and risk tolerance) to ensure all work is grounded in how the business actually functions. Across all workstreams, our methodology emphasizes proactive risk management, clear ownership, and continuous communication.
01 Leverage proven NFL experience, including SOC-related reviews, to drive effective transitions
02 Anticipate risks, documentation gaps, and stakeholder dependencies before they impact execution
03 Bring leading practices from other national sports leagues and complex organizations
04 Design governance, controls, reporting, and communications that work in practice
05 Tailor best practices to fit the NFL's unique operating environment
How the company is viewed by the general public. Tone at the top, company partnerships.
Accuracy of financial reporting, sustainability, and viability. Financial close/reporting, cash/receivables, liquidity, accounts payable.
Effectiveness in achieving organizational goals. System access/IT security, legal/risk management, HR, payroll/benefits.
Compliance with internal policies and external laws/regulations. Operating agreement, regulatory compliance, employment regulations.
Every investigation is unique. We tailor our approach accordingly.
Flexible delivery models, a clear transition plan, and reporting frameworks that keep the NFL informed at every stage.
EisnerAmper provides some or all audit resources working alongside NFL Internal Audit Management. Work is presented on NFL letterhead; NFL assumes risk and responsibility.
EisnerAmper assumes full ownership of the audit function from planning through reporting.
Day-one readiness with minimal disruption to the NFL's active audit portfolio.
Kick-off with NFL IA. Execute NDAs & system access. Assign engagement team. Receive prior-year workpapers.
Shadow sessions with departing provider. Review historical reports. Map entity/org structure. Calibrate NIST/DHS standards.
Draft Year 1 audit plan. Configure tech stack & analytics. Build licensing templates. Finalize staffing model.
Begin first-priority engagements. Deliver Week 1 status report. Activate quarterly analytics. Full portfolio execution.
Zero lapse in audit coverage
NFL season timing respected
Named team from Day 1
Data security active at kickoff
We staff NFL engagements from a unified pool of Assurance and Advisory professionals. When scope expands, we redeploy credentialed senior professionals within days, not weeks.
Fixed-fee engagements structured with clearly defined change-order thresholds, giving the NFL cost certainty without being locked in.
Cybersecurity, forensics, licensing compliance, ERM: when an engagement requires a specialist, we bring them in from the same integrated team. One accountable firm.
Below are representative examples of the reporting deliverables EisnerAmper provides across the NFL Internal Audit Program.
✓ Completed walkthroughs: payroll system access controls and segregation of duties (8 interviews)
✓ Tested 25-item sample of payroll transactions — results documented in workpapers WP-04
✓ Obtained and indexed PBC items 12–18 (benefits reconciliation, termination checklists)
○ HR system user access review — in progress, expected June 12
○ Control testing for overtime approval — scheduled week of June 16
| ID | Request | Owner | Due |
|---|---|---|---|
| PBC-07 | Vendor master change log (FY25 Q3–Q4) | NFL Finance | Jun 10 |
| PBC-11 | Off-cycle payroll approval emails | NFL HR | Jun 12 |
| PBC-14 | Terminated employee access revocation log | NFL IT | Jun 8 |
| PBC-19 | Benefits reconciliation — Q1 2026 | NFL Finance | Jun 15 |
Terminated employee access not revoked within 24-hr policy window — 3 of 25 tested items (12%) reflect delays of 3–7 business days.
Control gap; management notified June 9.
Overtime approval documentation inconsistent — 4 instances where approver email not retained per policy.
Recommendation to formalize digital workflow.
Vendor master list last reconciled Q2 2025; no formal change management log in place.
This audit examined payroll and compensation controls for the NFL League Office covering ~1,100 employees across salary, bonus, and benefits for Q1 2026.
✓ Payroll transactions (n=25)
✓ Benefits reconciliation — Q1 2026
✓ Terminated employee access (n=18)
✓ Overtime & off-cycle workflow
✕ Contractor/vendor payroll
✕ Executive compensation
VP, Human Resources
EVP, Operations
League Chief Financial Officer
Head of Internal Audit
Condition: 3 of 18 tested terminations (17%) had system access active 3–7 business days beyond the 24-hour requirement.
Criteria: NFL Information Security Policy §4.2
Risk: Unauthorized data access; potential payroll fraud or data exfiltration.
Recommendation: Automate access revocation from HRIS termination workflow; implement weekly exception report to IT Security.
Management Response: Pending — due July 23, 2026
Condition: 4 of 25 tested overtime transactions lacked required written approval.
Criteria: NFL HR Policy §7.1
Risk: Policy non-compliance; reduced audit trail.
Recommendation: Implement digital approval workflow in HRIS; 90-day remediation timeline.
Management Response: Pending — due July 23, 2026
Condition: No change management log maintained; last reconciliation was Q2 2025.
Criteria: NFL Procurement Policy §2.3
Risk: Undetected phantom vendors or unauthorized payment routing.
Recommendation: Semi-annual reconciliation; LogicGate workflow for change approvals.
Management Response: Pending — due July 23, 2026
League Office Ops — Q2: 3 | YTD: 9/12
Member Club Audits — Q2: 2 | YTD: 6/10
IT & Cybersecurity — Q2: 4 | YTD: 10/20
3rd Party/Licensing — Q2: 12 | YTD: 20/50
Advisory & ERM — Q2: 0 | YTD: 3 (ongoing)
Investigative Svcs — Q2: 1 | YTD: 2 (as needed)
Terminated employee access revocation delays (League Office — Payroll Audit)
Unpatched critical vulnerabilities across 2 club IT environments
Revenue sharing exception — unreported deductions (Member Club Audit)
4 findings — Documentation and workflow gaps across 3 engagements
2 findings — Vendor master reconciliation and change management gaps
Football Operations Audit — Aug
Stadium Cyber Reviews (x3) — Jul–Sep
Member Club Audits (x3) — Aug–Sep
Licensing Audits (x15) — ongoing
Annual Financial Controls — Sep
| Dimension | Score |
|---|---|
| Communication Quality | 4.5 |
| Report Quality & Clarity | 4.4 |
| Timeliness | 4.1 |
| Team Expertise | 4.6 |
| Responsiveness | 4.2 |
| Overall Value | 4.1 |
Target: ≥ 4.0 all dimensions ✓ | No dimension below 3.5 ✓
| Engagement | Score |
|---|---|
| Payroll & Compensation Audit | 4.2 |
| Club IT Audit — Team A | 4.5 |
| Stadium Cyber — Venue A | 4.4 |
| 3rd Party Contract Audit | 3.9 |
| Member Club Audit — Club B | 4.1 |
Q8 Standard: Draft ≤ 15 days | Final ≤ 30 days from fieldwork end
| Engagement | FW End | Draft | Final | Status |
|---|---|---|---|---|
| Payroll & Comp | Jun 20 | 12d | — | ON TIME |
| Club IT — Team A | May 28 | 9d | 22d | ON TIME |
| Stadium Cyber | May 15 | 11d | 24d | ON TIME |
| 3rd Party Contract | Apr 30 | 8d | 19d | ON TIME |
| Member Club — B | Jun 12 | 16d | — | LATE |
| Licensing Batch Q2 | May 5 | 7d | 18d | ON TIME |
| Engagement | Audit Days | Duration |
|---|---|---|
| Payroll Audit | 48 / 55d | 32 / 40d |
| Club IT — Team A | 31 / 32d | 28 / 35d |
| Stadium Cyber | 29 / 32d | 31 / 35d |
| 3rd Party Contract | 36 / 38d | 22 / 30d |
| Member Club — B | 53 / 50d | 38 / 45d |
22 of 28 findings closed YTD | Target ≥ 75% ✓
Serving clients at the intersection of sports, entertainment, media, and licensing for over three decades.
Network audits across athletic buildings, football operations, and 100,000-seat stadiums.
Physical security control audits at major athletic facilities including access controls and monitoring.
Cybersecurity audits evaluating security, privacy, and protection of athlete data.
Assessment of HIPAA privacy, security, and breach notification for athletics operations.
PCI DSS compliance for ticketing, parking, and concessions payment card data.
EisnerAmper has served large collegiate athletic programs since 2019, including IT audit co-source services to the University of Texas at Austin.
Cybersecurity audits, wireless network assessments, and PCI compliance.
HIPAA compliance assessments protecting student-athlete health records.
Data Governance Committee support, establishing controls for athletic data assets.
The team you meet in this proposal is the team in the room at every Audit Committee presentation. Year one, year two, and beyond.