To complete our review we follow various guidelines and standards, such as GAO’s Federal Information System Controls Audit Manual (FISCAM) which outlines audit procedures for conducting IT audit work for financial statement audits. We also conduct our general controls reviews using the newest version of CoBiT, ISO/IEC, National Institute of Standards and Technology (NIST). To execute our review we perform the followings:
- Develop Work Program
- Execute the testing program
- Monitor progress
- Review findings
- Hold meetings with Company/Agency individuals responsible for the respective sections to confirm our understanding of control weaknesses noted and obtain Company concurrence with our findings
- Make an overall information technology control risk assessment, and
- Issue our report to the respective Department on the overall information technology control risk assessment
We execute tests of the IT controls, document our test results and identify the cause of any problem areas noted in our review. We also make recommendations that the Company/Agency could implement to mitigate identified control risks. The assessment of the overall IT control structure is designed to assist the management in evaluating part of the Agency/Company’s internal environment and in determining if management can rely on more specific process and application controls relating to the processing of transactions and information included in the Agency/Company’s Annual Statement and thus reduce the nature and extent of substantive examination procedures for the examination.
SSAE 16/SOC Reporting
A SSAE 16 or service organization control (SOC) report will distinguish you in the marketplace and shows your commitment to quality and internal control. We can help you design the controls needed to securely host and process confidential information.
- Increasing demand for a SSAE 16 (Statement of Standards for Attestation Engagement16) or SOC report
- Proving your commitment to internal control
- Complying with Section 404 of the Sarbanes-Oxley Act of 2002 (SOX 404)
- Protecting against a network penetration breach
- Safeguarding customer information
A unique approach
InteliPath professionals have experience and intimate knowledge to help you merge internal control and security measures with business goals and objectives. From initial readiness and gap assessment to final control testing, our professionals will collaborate with your team leaders to dramatically impact your culture of control and security.
InteliPath has the experience with enterprise data processing systems, operating systems, and network protocols that are the lifeblood of your business. Our team includes professionals with accounting, auditing, information technology (IT), and information security credentials. By leveraging our business acumen with IT auditing experience, you can implement the critical controls to support SSAE 16/SOC reporting.