Corporate governance, risk management and internal controls are terms that are on the minds of most CEOs, CFOs and CIOs. Regardless of the industry, size of organization or profit status of a business, the management team must understand, plan for and respond to higher expectations of its company’s control environment.
Recent court cases, federal and state actions (eDiscovery) and new compliance standards have changed the way companies design and monitor their internal control systems and manage risks. Central to compliance is identifying, testing and documenting internal controls related to the company’s information assets and financial reporting. Management can now be held legally responsible for the effectiveness and operation of the internal control systems.
BlumShapiro’s Management Consulting Group has developed, evaluated and enhanced the internal control systems of many companies and organizations. You can benefit from the invaluable knowledge that our team has gained as a result of this first-hand experience.
Through our experience assisting many companies, we have developed a proven methodology and project approach that results in effective and efficient compliance-based projects. This includes performing risk assessments, developing documentation and evaluating internal controls for Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB), Health Insurance Portability and Accountability Act (HIPAA HITECH), Payment Card Industry (PCI) and Family Educational Rights and Privacy Act (FERPA) compliance standards. We understand and work with your team to evaluate and report on the effectiveness of a company’s internal controls.
Our approach can be specifically tailored to meet your needs, whether you need an abbreviated evaluation of your IT operations with observations about your preparedness to counter security risks, or comprehensive assurance as to the suitability of your IT controls in achieving your information security risk objectives. We also offer a wide array of implementation services to help you design and create your information security programs, IT controls, policies and procedures.
Our IT controls and risk consulting services also include:
- PCI Compliance
- Internal security control assessment
- Risk Assessments
- SOX and corporate governance
- SSAE 16 - SOC 1 and SOC 2
- Computer forensics and e-Discovery