IT Audit & Assurance Services
New Article! Implementing the IT-Related Aspects of Risk-Based Auditing Standards
HA&W provides a wide offering of IT risk management services
that meet our clients’ specific needs in terms of
their industry, regulatory requirements, and budgetary needs.
Our skills extend across a wide range of industries, business
applications, computing platforms and applicable regulations,
and we are uniquely qualified in many aspects of IT audit
and security and control. Our professionals all have 5-10+
years of practical industry experience along with several years of
experience auditing technology for financial, compliance,
and operational purposes. Our mission is to provide our
clients with the most cost-effective and pragmatic IT audits
and advisory services. Our areas of focus and expertise
include the following:
SSAE 16 / SAS 70: Reporting on Controls at a Service Organization
In April
2010, the AICPA released SSAE 16, which will replace SAS
no. 70, effective June 15, 2010, with early adoption allowed.
HA&W has several clients still pursuing SAS 70 reports
this year, while some have decided to pursue early adoption
of SSAE 16. We can help you consider the alternatives reflected
in the two reporting approaches.
Trust Services Principles & Criteria
What is it? An approach and framework for companies
to apply controls over certain domains, and to provide a reporting
approach when SAS 70 / SSAE 16 is not appropriate. Trust
Services is often useful when services provided are critical
to users of the services but do not affect internal controls
over financial reporting.
Privacy Risk Management Services
The
proliferation of data combined with an ever-growing list
of data breaches has everyone (e.g. Federal, State and Industry)
taking action towards securing private / sensitive information.
Our knowledgeable professionals can navigate the gauntlet
of regulatory compliance requirements specific to your industry
while installing foundational frameworks to ease your on-going
compliance efforts.
IT Strategy and Organizational Alignment
Our professionals often support our clients’ executive
management teams to help ensure IT strategy, IT organization,
and IT infrastructure are aligned to the business's overall strategy
and needs. We have addressed both application selection
and infrastructure design and deployment in many technology
intensive industries. We have helped several clients establish
IT management practices and personnel needed to take their
business to the next level.
Enterprise IT Risk Management and Regulatory Compliance
We have
guided our clients through deployment of comprehensive IT
risk management solutions that encompass operations, finance
and compliance risks (e.g., SOX, banking, HIPAA, etc.) and
also to ensure these risks and associated controls are streamlined,
rationalized, deployed, and monitored to provide peace of
mind to audit committees and other executive management.
Process and Business Performance Improvement
Our
professionals have helped many of our clients through the
risky and complicated process of upgrading or replacing
their business applications and supporting infrastructure
to improve business performance and reduce costs.
IT Due Diligence of Software Applications (and Supporting Infrastructure) to meet Business Needs and Objectives
We have
helped many companies evaluate options and make informed
decisions when selecting business applications, such as
ERP, or more focused solutions such as Financial Management,
Advanced Planning (supply/demand), or Retail POS and Retail
Management Systems.
Project Management Control
Our
professionals can help ensure the new IT solutions, or changes
to IT infrastructure, are deployed on-time and on-budget,
with minimal disruption and maximum achievement of business
objectives.
Logical Access Control
Our
professionals are deeply skilled in understanding, assessing,
and managing logical access controls for virtually any type
of operating system, database, business applications, and
network devices. We can efficiently assess Segregation of
Duty (“SOD”) and other control weaknesses, and
guide your company through the deployment of policies and
procedures to ensure logical access controls meet your business
security needs and objectives.
Network and Security Vulnerability Assessments
Our
security management professionals have deep experience applying
leading international standards (including the National
Security Agency's INFOSEC Assessment Methodology ‘NSA
IAM’) and leveraging network vulnerability scanning
tools to identify security management weaknesses related
to management practices and to network design and management.
In addition to evaluating network, system, and web-based
security threats and vulnerabilities, we provide additional
testing to determine whether your high-value accounts and
information can be readily compromised by simulating external
attacks and system penetrations.
IT Audit/IT Internal Audit
Our
IT audit professionals have deep experience in both external
and internal audit functions, assessing and auditing against
the complete range of audit requirements including financial,
regulatory, and operational audit requirements. Our professionals
have experience and certifications that address any level
of the IT infrastructure, at the level of the application
or business system, the operating system, and the database.