An IT framework
is key to a successful audit
Successful organizations understand the benefits of
information technology (IT) and use this knowledge to drive their
shareholders’ value. They recognize IT as a major enabler of the business,
the need to comply with increasing regulatory compliance demands and the
benefits of managing risk effectively. To aid organizations in successfully
meeting today’s business challenges, the IT Governance Institute® (ITGI) has
published version 4.1 of Control Objectives for Information and related
Technology (COBIT®). Entercomp can provide guidance in tailoring COBIT® to
meet your business needs. COBIT® enables clear policy development and good
practice for IT control throughout organizations. COBIT® 4.1 emphasizes
regulatory compliance, and helps organizations increase the value attained
70 SSAE 16
Why You Need a SAS 70 or
Entities and corporations must perform due
diligence and ongoing monitoring of the confidentiality, integrity and
safety of their data when it is being handled by a third party. SAS 70
and SSAE 16 audits provide assurance by properly documenting and testing the
internal controls of the service organizations.
If you are an organization providing outsourced services
or a qualified custodian under the investment act of 1940 you may be
required to obtain a SAS 70 or SSAE 16 audit report.
Working with our partners at Carr, Riggs, and Ingram LLC
we can deliver
SAS 70 Types I & II and SSAE
16 reviews in accordance with standards established by the American
Institute of Certified Public Accountants often at prices below industry
We can provide consultation regarding the impact of
planned operational and system changes on
future SAS 70 or SSAE 16 projects and review of planned or actual changes to
controls relevant to the SAS 70 or SSAE 16 audit.
Service after the
Our firm prides itself in outstanding
client service. We will continue to provide ongoing support services to
our clients even after the project is over. We understand that
questions may arise between audit projects. Your audit team will
be easily accessible and quick to respond to inquiries. Our
extensive knowledge of controls allows us to be a valuable resource for
Section 404 of the Sarbanes-Oxley Act is relevant to
information technology. It requires management to demonstrate that they have
established appropriate "internal controls" to safeguard an organization's
financial processes. The regulation's internal controls requirement specifies
that organizations safeguard financial data that may have a material effect
on financial statements. Entercomp can provide control definition, testing,
and evaluation to meet your SOX requirements.
Entercomp performs Federal Financial Institutions Examination Council
(FFIEC), TG3 STAR now TR39 and Pulse, Sarbanes-Oxley Act (SOX), and Gramm-Leach-Bliley Act (GLB) IT
reviews/analysis. We test existing controls to assess performance or
work with your organization to implement new policies.
IT Risk Assessment.
Comprehensive planning process that includes an evaluation of the
existing IT infrastructure; alignment of IT systems with core business
objectives (including gap analysis); and development and documentation
of new or revised policies and procedures to address critical issues.
IT Penetration and Vulnerability
Testing. Assistance in or outsourcing
of testing and analyzing system vulnerabilities. We attempt to exploit
weaknesses to determine the potential impact of each issue identified,
including recommendations highlighting remedies to correct the issue(s).
provides complete information systems review for the HIPAA Security
The review consists of:
- Risk analysis
- Security assessment for
  - Administrative safeguards
  - Physical safeguards
  - Technical safeguards
  - Organizational requirements
Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley
Act” or GLB Act, includes provisions to protect consumers’ personal
financial information held by financial institutions. There are three
principal parts to the privacy requirements: the Financial Privacy Rule,
Safeguards Rule and pretexting provisions.
EnterComp can assist you and provide a proposal of
services with respect to Gramm-Leach-Bliley compliance.
Certified Information Systems Auditor
1978, the Certified Information Systems Auditor (CISA) program,
sponsored by ISACA®, has been the globally accepted standard of
achievement among information systems (IS) audit, control and
CRI Strategic Partner
strategic partner Carr, Riggs & Ingram, LLC is a regional
certified public accounting firm with office locations in
Alabama, Georgia, Florida, Tennessee and Mississippi.
Through this alliance, Entercomp and CRI can provide unmatched
IT audit, business solutions and