All public companies must comply with federal regulations, such as Sarbanes-Oxley, which  emands that companies ensure the accuracy and integrity of corporate financial reporting.

For many firms, their business is built on a foundation of customer trust regarding the reliability of their data; therefore, compliance is often more than a legal obligation.

OnlineSecurity's Pre-Audit Risk Assessment Service evaluates the financial systems in an IT environment for potential misuse by privileged users and the inadvertent or intentional modification of financial data. Incorporating a review of internal controls, the Risk Assessment determines whether the IT infrastructure satisfies regulatory requirements as well as the expectations of your clients.

Service Description:
The follow components comprise a Pre-Audit Risk Assessment:

POLICY & PROCEDURE REVIEW
The assessment's first priority is a review of the IT Security Policies and Procedures affecting the financial systems. Incorporating targeted interviews, the objective is to discover how corporate users relate to IT systems in the financial reporting process, and how they can affect control of the security of those systems.

IT INFRASTRUCTURE REVIEW
An evaluation of the infrastructure that comprises the IT systems in the financial reporting process, its state "on paper", actual state, data flow, and retention process. In this context, the following broad areas are addressed:

• Network Infrastructure
• Application Environment
• Backup Environment
• Access Control and Sign On Privileges

DEVELOPMENT & DEPLOYMENT PROCESS REVIEW
Objectives and Determinations:

• What future changes are expected and how they would affect the current system
• How new systems are deployed in stream and their potential effect on the reporting process
• May include the life cycle of new technological developments and/or deployments that can impact financial reporting data

VULNERABILITY DISCOVERY
Focused exercises in the form of penetration testing executed from "outside" the financial reporting stream and testing important internal controls and areas that should have controls.

Deliverables
The above activities accrue a body of knowledge from our probe of your firm’s IT Infrastructure and its impact on the internal controls for financial reporting. Analysis is conducted to delineate and identify potential or evident weaknesses, significant weaknesses, and material weaknesses in the IT Infrastructure. It is possible that this first look will not reveal enough detail to adequately know all the strengths or weaknesses. Areas requiring additional discovery will also be identified.

The Findings Report will detail the content and outcomes of both the interviews and testing processes.

The report will include a detailed baseline of weaknesses, our opinion, and recommendations, both for strengthening those weaknesses, and for further investigation or prospective auditing.

Contact
Phone:  310-815-8855 ext 212 / Fax:  310-815-8808 / Email: info@onlinesecurity.com