In today’s business environment, enterprises are facing increasing pressure from both domestic and global regulatory bodies in the form of new and expanded compliance requirements. Governments, oversight committees, and standards boards have demanded increased focus on customer privacy, data reliability, and security. Information technology is inseparable from any organization’s business strategy and operations. While the increasing dependency between business and technology delivers real benefits, it also raises a lot of questions. Since these risks are now mission-critical, it is important that management understand the level of threat they pose and the effectiveness of the controls that have been implemented to mitigate or reduce the threat. Our security team has designed a number of services to meet these requirements.

We work with our clients to identify, develop and test internal control policies and procedures within business processes and information technology environments. Our computer assurance services are geared to identify and assess technology structures, internal control policies, and procedures taking our client’s technology department, internal processes, and working style as the starting point. These services may come as part of an internal audit or audit of financial statements or as individual projects resulting from major organizational changes, implementation of new technologies or reliance on third-party service providers.

Network Security Risk Assessment

A network security assessment performed by SOLUTIONS@MBA identifies the vulnerabilities in a company's information systems security, security policy and procedures, and the physical security of information assets. An assessment is performed both externally (remotely from our offices) and from inside your organization.

Customer Information Risk Assessment

A customer information risk assessment performed by SOLUTIONS@MBA identifies the vulnerabilities in a company's information systems security, security policy and procedures, and the physical security of information assets as they specifically relate to safeguarding customer information. The main regulatory driver for this type of assessment is the Gramm-Leach-Bliley Act Privacy Safeguards Rule.

SAS 94 “The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit”

A SAS 94 engagement assesses the effect of Information Technology (General Computer and Application Controls) on the auditor’s consideration of Internal Control in a financial statement audit.

Why was this Standard issued?

- To help auditors cope with the issues arising from the explosive growth of IT use.
- It provides auditors with guidance on the effect of IT on Internal Control.
- It acknowledges that IT use presents benefits and risks to Internal Control.
- IT use may be so significant that the quality of audit evidence will depend on the controls the business maintains over its accuracy and completeness.
- IT has a major influence on the process companies use to prepare financial statements.

Business Contingency Planning (BCP) Risk Assessment

A BCP risk assessment performed by Solutions identifies the vulnerabilities in a company's business continuity plan (BCP), business impact analysis (BIA), disaster recovery procedures, and the recoverability of business processes and resources. This type of assessment specifically addresses the requirements mandated by the Federal Financial Institutions Examination Council (FFIEC). The FFIEC BCP Booklet states that a BCP Risk Assessment and a BIA are the foundation of an effective BCP.

SAS70 “Third Party Report on Controls”

Service providers often need to provide assurance that their internal control environment meets the standards of their client(s). A SAS70 report serves as an attestation from a CPA firm that the controls as asserted by a service provider are designed and operating effectively. Solutions works in conjunction with its parent company, the Certified Public Accounting firm of Morrison, Brown, Argiz & Farra, LLP, to perform SAS70 engagements. As directed by the service provider, the auditor will conduct one of two types of SAS70 examinations:

- Type I - On the design of controls in place at a point in time.
- Type II - On the design and effectiveness of controls in place for a period of time (usually six months) with details of tests performed.
