Technology touches every aspect of your business, from financial systems to your smart device, to the computers on your employees’ desks. It’s critical that you manage and mitigate your risk around technology in order to safeguard your assets.
Clark Nuber can help. We specialize in IT audits, process improvement reviews, service organization controls reporting (SOCR), compliance readiness assessments, and fraud reviews and litigation procedures. We will work alongside your organization to prepare and deliver IT services that are leverageable, repeatable, transferable, and sustainable for your management team and your external requirements.
Our services include:
- IT Audits. It takes a whole suite of controls to run a business, but time brings changes to how business is conducted, and business processes and supporting IT systems need to adapt before controls become inefficient or outdated. We can take an all-inclusive look at your finance and IT internal control landscape and streamline each process so you get maximum leverage from the design and operation of both manual and system-based controls. The outcome: a Risk & Control Matrix (RCM) document and testing workbook that give you a simple and practical dashboard to help manage your business.
- Service Organization Controls Reports (SOC 1, 2, and 3). Clark Nuber can prepare any of the three SOC reports. Reports are appropriate for organizations that perform a financial reporting function or handle sensitive information, such as financial institutions, retirement plan record keepers, payroll service providers, data centers, Internet service providers (ISPs), and Software as a Service (SaaS) providers.
  - Gap analysis: Clark Nuber can help you assess the range and quality of controls in your organization prior to a SOC reporting examination. By addressing gaps, you can increase your compliance with the reporting standards and get a better result from the examination.
  - SOC 1 (SSAE 16): Tests of internal controls over a financial reporting function.
  - SOC 2: Tests the operation of your controls against the five areas of the Trust Services Principles: security, availability, processing integrity, confidentiality, and privacy.
  - SOC 3: An engagement that produces a report in the form of an executive summary outlining information related to a service organization’s internal controls across its chosen Trust Services Principles.
- Microsoft Supplier Security and Privacy Assurance (SSPA) Services. Certain Microsoft suppliers that collect, use, distribute, access or store Microsoft Personal Information or Sensitive Information will need independent, third-party confirmation of compliance with Microsoft Supplier Data Protection Requirements. If you qualify for this third-party confirmation requirement, we can help. Our team can examine and test your company’s records and procedures for compliance with Microsoft Supplier Data Protection Requirements. The examination would be conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. At the end of the engagement, you will be provided a Letter of Attestation as proof of compliance.
- Security Reviews. We offer Penetration Testing and Vulnerability Assessments that can identify specific risks to your business systems and data and provide proven mitigation strategies. You would essentially be hiring trusted “white hat” hackers to break into your network and then show you areas of vulnerability before a malicious attacker can perpetrate the same attack.
- IT Consulting. Clark Nuber has a range of reports such as current state vs future state gap reports, control mapping, IT compliance readiness assessments and process re-engineering or improvement reviews to help your organization achieve the next level of strategic growth.
- Cybersecurity and Risk Assessments. It is now considered mandatory for every board to have a member who can report on the company’s IT operations, risk profile and cybersecurity countermeasures that are being used throughout the organization. We can facilitate an information session where we map out your risks and then provide a cybersecurity road map. We will customize this map to suit your needs, risk exposure and digital presence in the market.
- Management Report Baselining. Many external auditors ask that any report relied upon by management for reporting financial transactions be independently validated. We can help you create a report index that ranks your key reports, then baseline those reports for accuracy and completeness. This can be done at the code or system query level and delivered in a template that is easily repeatable for future requests from external auditors.
Clark Nuber is committed to establishing a trusted IT consulting relationship with our clients, providing exceptional technology capability and strong business and IT process insights. We promote a highly collaborative and transparent work product that is supported by a project management style to deliver up-front recommendations. Our aim is to help you identify and mitigate the risks your organization is facing so you can capitalize on the opportunities in front of you.
For more information, contact us.