Controls Advisor, LLC

Internal Audit services for business leaders provide executives with scope, risk assessment, controls listing, and test results of their internal controls environment. We also provide a list of issues with recommendations for remediation.  Reports meet or exceed external audit requirements for internal due diligence. 

Compliance review offerings include:

• SOX testing
• HIPAA compliance survey
• PCI compliance review, survey, and assertion
  
• GLBA assurance
• Penetration Testing of IT network vulnerabilities

• SSAE 16 Certification with CPA oversight for third-party service providers

• Audit-READY IT Certification for IT Service Providers/vendors and their clients. Click for Certification Requirements.

Pre-Audit Preparation for individual business departments provides assurance upcoming audit reports will be free of surprises.  We assist in gap closure by creating management's internal documentation such as policies/procedures, strategic plans, Disaster Recovery / Business Continuity plans, management assertions, business process narratives, etc.

Pre-Audit due diligence, such as annual testing of Disaster Recovery / Business Continuity plans, Penetration Testing of network vulnerabilities, annual strategic planning and budgeting, policy and procedure update/sign off, etc is often required by auditors

Vendor management often falls by the wayside due to business management's hectic schedule in daily operations.  Our service offerings include vendor selection/recommendation, contract review, and vendor oversight, to ensure audit requirements are met throughout the year.

 
In-house training of management and staff to ensure they understand the reason behind audit questions and how to answer appropriately, providing mitigating controls when obvious key controls are not effective.

The results of the pre-audit assessment and/or preparation go directly to departmental managers, not to C-level executives, unless requested.

Audit Liaison protects management from embarrassment during audits, prevents auditors exceeding allowed time and budget during on-site testing, reduces time taken from management by auditors' excessive inquiries, ensures against inappropriate auditor's comments in the final report.

Post-Audit, project managers are ready to oversee business process engineering and remediation action items, ensuring change management over your control environment or implementation of IT Systems remain in-line with auditors' expectations 

Details around our methodologies can be found in our new E-Book, How to Beat the Audit, business management's guide to ethically prepare for their audits.  For details or a copy of the book, click contact us and complete the form at the bottom of the screen.