Controls Advisor, LLC

The Pre-Audit Preparation for SSAE 16 and other audits assures Business Management pending audits will be ‘problem free’ when auditors arrive for testing.

Business or IT managers, do you need assistance in creating internal documents for auditors, such as a management attestation letter and a narrative of your business’ systems/processes for SSAE 16? 

Or perhaps your organization needs a risk assessment and internal controls listing for Sarbanes Oxley (SOX),  internal policies and procedures for your board of directors, internal audit testing documentation for GLBA, Privacy Survey or confirmation statement for PCI, or disaster recovery and business continuity plans and testing for HIPAA? 

Not sure if your prior year’s audit issues remediated or are up to auditors' standards?  An interim follow-up / internal audit report (for your eyes only) will help you be sure old issues are cleared before your next audit.

To ensure your business is ‘Audit Ready,’ you may need professional consultants’ help in creating appropriate these, or other, internal management documents. Along with ensuring the corporations’ data and systems are secure and appropriately maintained, the Pre-Audit Prep review protects the reputation of the IT Service provider and allows for problem-resolution BEFORE the client’s auditor arrives.

SSAE 16 PREPARATION

In case you are unaware, new regulations, forcing the conversion of SAS 70 reporting to SSAE 16 reporting, require business management to create new detailed internal documentation which is required by external auditors, prior to the commencement of your SSAE 16 audit.  Independent consultants can prepare your internal management documentation for you, ready for business management’s review, approval, and submission to your SSAE 16 auditors.


IT-RELATED AUDIT PREPARATION

For IT-related audits, our service offering also may include external penetration testing of network security vulnerabilities which may exist.  This test, conducted by CEH certified auditors, is generally required annually by external auditors.

Annual testing of Disaster Recovery and Business Continuity plan is also generally required during auditor's review.  We provide test plans and oversight for such testing.

Vendor management often falls by the wayside due to business management's hectic schedule in daily operations.  Our service offerings include vendor selection/recommendation, contract review, and vendor oversight, to ensure audit requirements are met throughout the year.

Our methodologies can be found in our E-Book, How to Beat the Audit... an ethical guide to prepare business management for audits. For details or a copy of the book, click contact us and enter your contact information at the bottom of the screen.

The Pre-Audit Preparation & Advisory service is a non-audit consultation. The service is available to our clients who we will not be auditing in the same period as the consultation. We segregate the two functions to avoid a conflict of interest during audits, so we are not auditing our own work.