Internal Audit Services
- Audit – financial, IT, compliance, operational
- Interim Chief Audit Executive (CAE) / Director of Internal Audit (DIA)
- Quality Assessment Review (QAR)
Security
- Solution selection
- Interim Chief Security Officer / Chief Information Security Officer
- Architecture
- Technical security
- General assessment
- Vulnerability assessment
- Attack & penetration testing
Business Continuity Planning / Disaster Recovery
Regulatory Compliance
- Sarbanes-Oxley
- HIPAA
- GLBA
- PCI
- SAS 70
- ISO 27001
- Risk assessment
- Overall programs to lower cost and increase efficiency
- Gap analysis and remediation strategies
Attestation Program Management
Phase 1: Enterprise Wide Risk Assessment
- Evaluate and understand environmental controls
- Assess the complexity of the IT infrastructure
- Assist management in performing process/financial risk assessment and mapping to the critical assertions
- Work with management to establish and approve project plan.
Phase 2: Process and Control Documentation
- Document all processes identified as high and medium risk
- Identify key controls at the transactional, application, and process levels
- Provide recommendations on weaknesses discovered in overall design effectiveness
- Provide a test plan for key controls using external audit approved testing guidelines
Phase 3: Key Control Testing
- Perform testing of key controls
- Identify all controls that have deficiencies in operating effectiveness
Phase 4: Ongoing Compliance
- Assist management with attestation
- Update documentation as needed
- Perform quarterly retesting where required
- Assist management with self-assessment program
- Assist management with internal training program
- Assist management in lowering cost and increasing efficiency
Our Commitment
- Continuous updates to management throughout the process
- Objectively evaluate the findings with management and reposition mitigating controls to the External Auditor
- No surprise fees: we cap employee travel expenses and the administrative overhead to the client
- We assist management’s understanding of the process in order to better enable ongoing commitment and compliance after successful project completion
Our Advantage
- Project teams include consultants with external audit experience
- Engagement teams are trained on identifying business process improvements without requiring additional time and commitment
- Our multi-tier staffing model provides the best value for the resource levels used
Contact us to learn more.