From hacked customer account data to crippling viruses to web page hijackings - we’ve all heard the horror stories. The power of today’s technologies must be balanced with policies and procedures that provide a secure environment where information is readily available. Your organization must be able to continually assess the security situation and react in the face of rapidly changing threats, technologies, and business conditions.
Competitive Edge Services (CES) offers a range of IT assurance services that provide detailed analyses of network controls, risk factors, and processes.
Section 404 of the Sarbanes-Oxley Act of 2002 requires annual evaluation and reports on the effectiveness of an organization’s internal controls on financial reporting. Auditors must attest to and report on the internal control assessment of the management team. As automated systems are included in the internal controls, Information Technology (IT) and Information Systems (IS) have been incorporated into the annual audit (albeit, often reluctantly).
General IT Controls are now part of the annual audit. Unfortunately, most technology professionals are not familiar with the rigors of such an audit, and the documentation and evidence needed for support. Your IT partner must have the right education and understanding to scope the work that is truly needed without including more than is required.
It is important to remember that, due to professional conflict of interest, the technology auditors who perform the audit are prohibited from helping an organization prepare.
CES has extensive experience working with the Big 4 auditors. CES will prepare the appropriate assessment, documentation, and testing needed to meet the General IT Controls requirements.
Our IT Risk Assessment provides your organization with a detailed report of identified risk areas within the IT function. The report identifies risks, then rates and classifies them based on the potential impact to the organization. It also identifies the potential threats to high risk areas and documents the existing control put in place to mitigate those risks. As part of the process, recommendations are made for additional controls and security measures, where needed, as well as a proposed testing methodology and schedule.
Our Vulnerability Assessment is the process of identifying technical vulnerabilities in a company’s hardware, software, and networks. In addition, weaknesses in policies and practices relating to the operation of these systems are addressed. The process involves the systematic examination of an entire Information System (IS), or a specific component, to determine the adequacy of security measures and to identify security deficiencies. A report is then generated that details the identified and confirmed vulnerabilities, and provides recommendations for their remediation.
For more information, contact CES at info@ceservices.com or phone 508-983-1990.
