Internal Audits & SOX

Internal Audits & SOX

Internal Audit Co-sourcing & Outsourcing

An effective internal audit function will help in mitigating business risks while enhancing organizational performance. However, small and large companies do not always have the time and resources to implement and maintain an internal audit function, while others have not optimized their internal audit’s capabilities.

We can help you bridge these gaps either through a co-sourced (a targeted approach) or a fully outsourced operating model. Our team will deliver a skilled assessment of existing business processes and internal controls. Based on our review of the existing business processes and associated controls, we will make recommendations to improve efficiency, reduce risk and maintain regulatory compliance.

Internal Control Guidance and Thought Papers

COSO – PDF

Sarbanes Oxley Advisory Assistance

The Sarbanes-Oxley Act of 2002 (SOX) was designed to improve the accuracy and reliability of financial reporting.

Our team has the expertise to evaluate if your current internal controls meet the financial requirements to be SOX compliant. We specialize in providing the required management level internal controls system documentation, conducting the annual management level testing of controls, and coordinating all SOX compliance activity with your external financial statement auditors.

bt_bb_section_bottom_section_coverage_image

SOC reports

A SOC 2 report is an attestation report issued by an independent Certified Public Accounting (CPA) firm, which opines on the design or operating effectiveness of a service organization’s controls and whether one or more of the following five (5) defined criteria and/or principles have been achieved: security, availability, processing integrity, confidentiality and/or privacy.

  • The SOC 2: AT101 (SOC 2) report is most useful for service organizations whose clients do not necessarily rely on the reported controls for financial reporting purposes, but depend on their service organization’s ability to maintain a controlled environment; formerly a SAS 70 report was issued for such service organizations. The SOC 2 report demonstrates to a service organization’s clients the ability of the organization to be independently assessed against one or more of the five (5) AICPA Trust Services Principles:
  • Security: The system is protected against both physical and logical unauthorized access.
  • Availability: The system is available for operation and use as committed or agreed.
  • Processing Integrity: System processing is complete, accurate, timely, and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice and criteria set forth in Generally Accepted Privacy Principles issued jointly by the AICPA and the CICA.

A SOC 2 report, in addition to one or more of the AICPA Trust Services Principles, may also include criteria defined by management, industry standards or third parties. The criteria must meet the following basic characteristics:

  • Objectivity
  • Measurability
  • Completeness
  • Relevance

The Advanced team provides three main types of SOC 2 Services – SOC 2 Readiness Assessments, Type 1 examinations, and Type 2 examinations. These services can be described as follows:

  • SOC 2 READINESS ASSESSMENT:The objective of a SOC 2 Readiness engagement is to conduct a preliminary assessment and provide guidance that will empower the service organization to successfully prepare for, and achieve, an unqualified opinion on a SOC 2 Type 1 or Type 2 examination (see below). This is accomplished assisting management in selecting relevant control principles, identifying control gaps related to the achievement of control principles for the services being audited, then by providing specific, actionable guidance for improving and maintaining the system of controls. The key deliverable from this engagement is a listing of controls and gaps that detail the elements required to obtain a clean opinion.
  • SOC 2 TYPE 1 EXAMINATION SERVICES:The objective of a SOC 2 Type 1 examination conducted by Advanced is the expression of an opinion about whether the control principles have been effectively designed to meet the requirements defined in the control principles. The engagement is conducted in a manner that establishes the design of the system of controls as of a point in time, and to assist the service organization in improving the capability maturity of its core processes (and ultimately to be prepared to pass a SOC 2 Type 2 examination). The deliverables from the engagement include an Internal Project Monitoring document and a SOC 2 Type 1 report.
  • SOC 2 TYPE 2 EXAMINATION SERVICES:The objective of a SOC 2 Type 2 examination conducted by Advanced encompasses the objectives of a SOC 2 Type 1 examination, and additionally includes an expression of an opinion about whether controls were operating effectively to meet the requirements of the control principles during a specific period of time. The engagement is conducted in a manner that promotes continuous process improvement, and adaptation to changing circumstances in regards to the industry and user organization expectations.
  • AICPA link – Statements on Standards for Attestation Engagements
  • SOC Comparison – PDF

Consistency

Podcasting operational change management inside of workflow.

Improvement

Dynamically innovate customer service for state of the art customer.

Branching

Pursue scalable customer service through sustainable potentialities.

Investment Plan

Appropriately empower dynamic leadership skills after business portals.
bt_bb_section_bottom_section_coverage_image
MORE THAN JUST BUSINESS

Great Clients
Awesome Reviews

Phosfluorescently engage worldwide methodologies with web-enabled technology. Interactively coordinate proactive e-commerce via process-centric outside the box thinking.

Collaboratively administrate empowered markets via plug-and-play networks. Dynamically procrastinate B2C users after installed base benefits. Dramatically visualize customer directed convergence without revolutionary ROI.

https://heritageadvisorscpa.com/wp-content/uploads/2019/04/img-quote-03-160x160.jpg
JOANNA PRESTLEY

HSBC Bank

Efficiently unleash cross-media information without cross-media value. Quickly maximize timely deliverables for real-time schemas. Dramatically maintain clicks-and-mortar solutions without functional solutions.

https://heritageadvisorscpa.com/wp-content/uploads/2019/04/img-quote-01-160x160.jpg
BRADLEY SMITH

Miller Automation

Completely synergize resource taxing relationships via premier niche markets. Professionally cultivate one-to-one customer service with robust ideas. Dynamically innovate resource-leveling customer service for state of the art customer service.

https://heritageadvisorscpa.com/wp-content/uploads/2019/04/img-quote-06-160x160.jpg
PRISCILLA JACKSON

WA Solutions

Objectively innovate empowered manufactured products whereas parallel platforms. Holisticly predominate extensible testing procedures for reliable supply chains. Dramatically engage top-line web services vis-a-vis cutting-edge deliverables.

https://heritageadvisorscpa.com/wp-content/uploads/2019/04/img-quote-02-160x160.jpg
COLLIN LEBLANC

McIntire Industries

Proactively envisioned multimedia based expertise and cross-media growth strategies. Seamlessly visualize quality intellectual capital without superior collaboration and idea-sharing. Holistically pontificate installed base portals.

https://heritageadvisorscpa.com/wp-content/uploads/2019/04/img-quote-05-160x160.jpg
LILAH CHANG

Hotel Berg

Phosfluorescently engage worldwide methodologies with web-enabled technology. Interactively coordinate proactive e-commerce via process-centric “outside the box” thinking. Completely pursue scalable customer service.

https://heritageadvisorscpa.com/wp-content/uploads/2019/04/img-quote-04-160x160.jpg
JUSTIN EMERSON

Applauz Startup