Risk Services
Companies have an ever-increasing need for risk management functions, including internal audit, corporate governance, fraud detection and information technology vulnerability assessment services. With the passage of the Sarbanes-Oxley Act of 2002, the need for these services has risen significantly.
Our Risk Services group is designed to assist companies with the identification of risks that might have a significant impact on their business operations, including financial, operational and compliance risks, and to assist the companies with developing sound, cost-effective controls to mitigate those risks. We can work with companies as their outsourced or co-sourced providers. We can also work with companies in a consultative capacity to provide services that will improve existing internal audit, information technology and risk management functions.
We have significant experience with numerous public and private companies in various business industries. We will be able to utilize our experience and tools to provide services to you to improve your risk management functions.
Payment Card Industry Compliance (PCI)
LBMC can be your one-stop provider for compliance with the PCI DSS and for information security related to your payment operations in general. We can help you achieve compliance with the Data Security Standard, and we are recognized as a QSA by the PCI SSC to perform compliance assessments. The LBMC team has a tremendous level of compliance experience focusing on FISMA, SOX, HIPAA, ISO 27001 and PCI.
Sarbanes-Oxley 404 Assistance
The Sarbanes-Oxley Act presents a number of challenges for public companies, both initially and on an ongoing basis. Most public companies are still struggling to determine the most cost-effective way to address the new requirements. You have to address risk assessment, the documentation of systems and processes and the related internal controls, evaluation of the internal control design, the development and execution of internal audit plans to test the operating effectiveness of the controls, as well as the reporting of results.
The process takes expertise in accounting and auditing, internal auditing, technology, and human resources. Just as importantly, it also takes time.
LBMC can help. We can be an outsourced solution to work with your in-house coordinator to drive the entire process, or we can simply assist you with the areas where you need to supplement your internal resources. If an internal solution is more appropriate for you, our staffing group can also provide contract staff or help you hire the necessary permanent employees.
We understand that every company will approach Sarbanes-Oxley differently, and these individual approaches will change over time. We want to offer you the flexibility to help you through the process using whatever approach works best for you.
Internal Auditing
Companies have an ever-increasing need for risk management functions, including internal audit, corporate governance, fraud detection and information technology vulnerability assessment services. With the passage of the Sarbanes-Oxley Act of 2002, the need for these services has risen significantly.
Our Risk Services group is designed to assist companies with the identification of risks that might have a significant impact on their business operations, including financial, operational and compliance risks, and to assist the companies with developing sound, cost-effective controls to mitigate those risks. We can work with companies as their outsourced or co-sourced providers. We can also work with companies in a consultative capacity to provide services that will improve existing internal audit, information technology and risk management functions.
We have significant experience with numerous public and private companies in various business industries. We will utilize our experience and tools to provide services to you to improve your risk management functions.
IT Assurance Services
Security threats and vulnerabilities are a fact for every organization today, creating risks that must be controlled and managed. Many organizations are overwhelmed or unaware of what risks they face or how well they manage them.
LBMC provides a wide variety of IT security services to help clients identify, assess, and manage business and technical security risks. These assessments may be aimed at specific areas of the business, a certain regulation, or enterprise-wide risks. LBMC offers clients competitive rates and expert technical capabilities. Our services include:
- Risk assessments - We use leading security risk assessment methodologies to identify business and technology risks. Assessments can be based on standards such as COBIT.
- Vulnerability assessments - Our testing is conducted by security experts who can think outside the box. Assessments are designed to identify and prioritize vulnerabilities in the client's environment.
- Security assessments - Need to review the security specific to a technology? We can assess and recommend best practices for areas such as wireless, network, email, applications, firewalls, and O/S.
- External and internal penetration testing
- Regulatory compliance reviews - HIPAA, GLBA, SOX
- Enterprise security reviews - Designed to assess security across the enterprise, encompassing many aspects of vulnerability assessments but on a wider scale. Security threats, vulnerabilities, and exposures face every organization today, creating risks that must be controlled and managed. Often organizations do not know what risks they face or how well they manage them.
- PCI Security Scans (Visa/MasterCard) - LBMC is a certified vendor to perform external security assessments for merchants who process Visa or MasterCard. We also offer a full range of security consulting to help with all aspects of the PCI security process, including onsite assessments.
SAS 70 Engagements
Service organizations that perform key services and/or provide data processing on an out-sourced basis are often asked by their customers for a SAS 70 report. Regulations such as Sarbanes-Oxley and others have increased the demand for these audits.
Simply put, SAS 70 audits are performed by CPAs ("service auditors") and provide assurance to the service organization's customers and their auditors that certain controls identified in the SAS 70 report are adequately designed and are operating effectively. These audits are divided into two classifications, Type I and Type II. A Type I can be considered a "point-in-time" audit, whereas a Type II engagement looks at the operating effectiveness of the identified controls over a period of time (usually at least six months).
LBMC has performed SAS 70 audits for:
- Data center and hosting services providers
- Benefits administrators
- Medical claims TPAs
- Application service providers
- Other service providers in various industries

The coverage and quality of SAS 70 reports can vary significantly from one service auditor to another. It is important to work with a service auditor who is knowledgeable and experienced in identifying, testing, and reporting on the types of controls that are important to the service organization's customers and their auditors.
Our multi-disciplined teams at LBMC have the financial and information systems auditing experience to ensure that companies undergoing a SAS 70 audit realize true benefits of the auditing process.
Security Services
LBMC provides a full array of information security services designed to help protect your most valuable assets – your employees, your clients and your information. By utilizing a security services organization, companies have the confidence that they are safeguarding themselves against potentially embarrassing and costly problems. Whether your business already has an information security process in place or you are working toward securing your program environment, LBMC can assist you.