AUDIT & COMPLIANCE

Cross Compliance Mapping Assessment

Essentials

Most CPA firms and internal audit departments only have expertise in performing financial and perhaps IT auditing. SecureState’s Audit and Compliance Team provides the security audit function for CPA firms with various needs, including SOX support; SSAE 16 (SOC1), AT 101 (SOC2 & SOC3), and AT 101 auditing standard support; as well as Information Security Risk Assessment services.

As a trusted advisor to the organization, the auditor has an obligation to identify and communicate risks to the organization. In many cases, the auditor overlooks security due to a lack of expertise. The auditor needs to consider and leverage expertise outside their organization so that significant risks are not ignored.

Benefits

  • Leverage the support of technical security experts who understand control requirements
  • Allow the CPA to maintain focus on financial and IT processes
  • Help determine the appropriate assessment for Service Organizations

Expertise

SecureState’s Audit and Compliance Team specializes in working with both business and technical personnel at an organization. Our team of certified auditors includes, but is not limited to, the following designations:

  • CISSP
  • CISA
  • QSA
  • PA-QSA
  • CIPP
  • ISO 27001 Provisional Auditors

Did You Know?

  • Most CPA firms do not have the proper expertise to assess or audit IT, IT security, and/or privacy controls
  • Having an understanding of enterprise network devices and systems allows for a more thorough assessment or audit. This helps organizations find issues that could negatively impact their security infrastructure
  • We have a deep understanding and working knowledge of a wide variety of regulations and control frameworks in several industries, such as Medical (HIPAA), Financial (FFIEC), Energy (NERC-CIP), Retail (PCI), Government (NIST standards), and International (Safe Harbor, ISO 27001 and 27002). This expertise helps organizations that choose not to use the SOC assessments and want to attest to an alternative set of controls through AT 101
  • We can help organizations build an internal audit program to ensure that controls are working on an ongoing basis
  • A gap or readiness assessment is recommended prior to your formal audit
  • Insufficient documentation is the most common finding
  • A remediation roadmap from a gap/readiness assessment will provide organizations with detailed tasks and estimated timeframes for completing identified mitigation activities
  • SecureState can assist with implementing any required operational changes needed due to findings or exceptions found during audits

Our Approach and Methodology

Our experienced team members at SecureState work with the CPA firm to develop a plan of action for an engagement. Support options range from assistance with the development and/or remediation of security controls and test procedures to performance of test procedures for clients on-site. Our “MyState Portal” is used for collaboration, including the creation of web-based audit matrices and the secure exchange of data during an engagement.

What Makes Us Different

SecureState:

  • Provides comprehensive on-demand Privacy and Security expertise during the engagement and throughout the year
  • Has a deep understanding of AT 101, SSAE 16, and the three SOC audits
  • Supports its clients’ audit programs with our proprietary “MyState Portal” and a team of certified security specialists
  • Maintains close relationships with our clients because we care about the outcome of the assessment
  • Has presented at ISACA events, leading conferences, and independent seminars
