If your organization provides services to public companies or to regulated industries (e.g., banking or healthcare), then you may be asked to provide an audit report on your internal controls as they pertain to information technology (IT) and business processes.
These reports are referred to as Systems and Organization Control (SOC) 1, 2 and 3 reports and are released by the American Institute of Certified Public Accountants (AICPA).
Holtzman Partners understands the challenges of the internal controls reporting process, and we are familiar with the different types of reports. We work with companies to review internal controls and other measures to ensure compliance with SSAE 18 and SOC reporting standards. We work with clients of all sizes to custom-tailor their report to the exact needs of their customers and regulators.
Since information technology (IT) systems proliferate throughout an organization and can therefore impact almost all areas of a company’s business, evaluations of IT control structure can have a profound impact on a company’s overall control environment.
Our firm has the experience to perform these evaluations and add value to help strengthen that control environment. Our IT risk services allow our clients to utilize personnel with significant technical IT and audit experience across various industries and to benchmark IT control procedures against other companies in similar industries.
We maintain a talented group of IT professionals with a combination of technical and audit experience which rivals that of large international accounting and consulting firms. This experience includes performing reviews and evaluations of the following:
Companies that work with patient health care information may be required to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). These requirements include maintaining an internal control structure that limits access to sensitive patient health-related information and may be subject to review by regulatory agencies. Companies may also face fines for non-compliance.
Our HIPAA compliance services allow companies to voluntarily evaluate the impact of HIPAA requirements before a formal evaluation is required by a regulatory agency. This service allows management to be confident that their control structure is sufficient to address HIPAA requirements thus reducing the exposures that may result from non-compliance with its rules.
Our HIPAA Audit Preparation services include:
The extensive experience of our partners and staff personnel with internal control related services uniquely positions our firm to provide these HIPAA audit preparation services. This experience allows us to provide logical solutions to issues encountered and as a result, may reduce the overall compliance effort for our clients.
Companies that provide services to banks, credit unions or other financial institutions may be required to undergo an examination by the FDIC, NCUA or OCC under the guidelines defined by the Federal Financial Institutions Examination Council (FFIEC).
These guidelines require that companies formalize their internal control policies, perform an internal risk assessment and perform an internal audit of their controls. Non-compliance with these requirements (as identified by an FFIEC audit) may result in fines.
Our firm provides services that help companies comply with FFIEC requirements including assistance with the creation of internal control policies, developing and performing an internal risk assessment and evaluating internal controls on behalf of management.
These procedures are intended to help ensure that the company will meet FFIEC requirements if an audit were to be performed by a regulatory agency, thus reducing the exposures that may result from non-compliance with the guidelines. Further, since we are independent of the company, our services may allow the regulatory agency to rely on the results of our procedures to reduce the amount and extent of their evaluation procedures.
Our FFIEC audit preparation services include: