
Difficulties complying with various federal and/or state regulations (e.g. GLB, HIPAA, SOX-404)? Blum Shapiro Consulting can perform a Gap Analysis and assist with the implementation of new IT-related controls.

Does the company/organization worry about privacy laws and how well its internal policies, procedures and protocols mitigate security breaches and operational control issues? Blum Shapiro can independently evaluate this and develop “realistic” recommendations.

Are your customers concerned about the transactions processed on their behalf and confirming the security and controls used to protect their information assets?  Blum Shapiro Consulting can perform a SAS-70 readiness assessment or a SysTrust engagement to confirm the status of the IT operations.

Is the company involved (now or in the near future) in a legal case that may require a review of electronic information?  Take advantage of Blum Shapiro’s computer forensic services and our ability to create an eDiscovery plan.


The need to comply with new rules and compliance standards has placed special emphasis on the accountability for internal controls and risk management practices. Blum Shapiro Consulting can help you understand the weaknesses of your internal controls, then create a roadmap for improvement that links internal controls with corporate governance. Some of our Process Controls and Risk Assessment services are:

Internal Control Assessment

At Blum Shapiro we have developed a methodology and testing approaches for the internal control environment that identify the strengths and weaknesses of current controls and processes. This provides you with the insight to focus on risk areas and proactively assure directors and shareholders that risks are mitigated. We help to refine and revise the current processes, procedures and protocols.

Assessment of Business Risks

We facilitate sessions with your organization's executive management, board and other personnel to identify, assess and evaluate key business risks. Our in-depth review and report quantifies the information gathered from these sessions, including a discussion of existing controls to mitigate the major risks. This risk assessment provides a plan for your ongoing monitoring and review of your company's internal control processes.

Gramm-Leach-Bliley Act Compliance

The Gramm-Leach-Bliley Act (GLBA) Data Protection Rule requires organizations in various industries (e.g. banks, financial institutions, automobile dealerships) to implement and maintain an Information Security Program designed to ensure the security and confidentiality of customer information. Blum Shapiro Consulting is aware of the challenges that the GLBA Data Protection Rule can pose to a company. Our Certified Information Systems Auditors can identify the exposures your company faces and how those risks can be effectively addressed.

HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that a covered entity (health plans, health care clearinghouses and certain health care providers) assure that the integrity, confidentiality and availability of the electronic health information it collects, maintains, uses or transmits is protected. Unfortunately, many organizations are unclear how to attack this problem.

Blum Shapiro Consulting understands the compliance issues related to HIPAA, and has developed security compliance programs to help organizations implement security standards that support the four major areas where controls and monitoring procedures must be put into place.

  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Organizational Requirements

Sarbanes-Oxley and Corporate Governance

The dialogue among stakeholders, audit committees and the regulatory authorities on the role and performance of corporate governance has never been more robust or candid. While there are many new requirements to be addressed, boards aren't simply looking to comply with minimum requirements. Directors must understand these compliance issues, both financial and non-financial; therefore a comprehensive program for boards and their key committees is crucial. This is particularly true for the audit committee, which must have a deep understanding of the company's accounting and financial reporting issues in order to meet its expanding responsibilities. Blum Shapiro helps you improve corporate governance and security with the following services:

Sarbanes-Oxley compliance - Our team assists you in complying with both the Section 302, Officer Certification, and Section 404, Management Assessment of Internal Controls aspects of Sarbanes-Oxley. We work with your financial statement auditor to enable the attestation to management's assessment of the control environment. Our clearly independent role eliminates any perception of conflicts.

Corporate compliance - Blum Shapiro Consulting assists companies with the developmental, operational and monitoring phases of their overall corporate compliance program policies and procedures.

SysTrust and SAS70

SysTrust and SAS70 are the accounting profession's (AICPA) answer to concerns relating to system reliability and operational controls. SysTrust is a standard program and process that evaluates security, availability, processing integrity, privacy, and confidentiality of a company’s IT operations. Using these Principles and Criteria either separately or in combination, we can offer a range of advisory and assurance services to help either clients or employers address their needs.

SAS 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report. A service organization is an entity that provides outsourcing services that impact the control environment of its customers. At Blum Shapiro, we provide a SAS-70 Readiness Assessment which analyzes your business and determines how to make your business compliant with the SAS-70 standards. This service helps guide your organization to a point where you can achieve compliance.

Operational Controls Reviews

Over the past several years, the integrity and accuracy of company processes and internal control systems used to manage information have placed new demands on these organizations. Many companies have reached a critical milestone where an evaluation of the internal processes, operational controls and technology will help to ensure complete and accurate financial and business information. As part of these services we will assess the current workflow practices and controls used by the company to process, manage and report on key information. We have developed a toolset that helps us map the current information and process flows of each critical function. This allows us to identify areas of strength and weakness within the current processes and controls of the company.

Computer Forensics and E-Discovery

Computer forensics is commonly defined as the collection, preservation, analysis, and court presentation of computer-related, electronic evidence. Courts mandate the proper seizure and analysis of computer evidence in any investigation where a computer is the means or an instrument of a crime or other offense or may contain evidence relevant to a criminal or civil litigation matter. The rising tide of computer-related intellectual property theft, security breaches, and associated financial losses mandates that information security administrators conduct or oversee proper computer forensic investigations when responding to these incidents. In addition, recent changes to the Federal Rules of Civil Procedure also mandate that organizations develop an E-Discovery program to ensure all relevant electronic information is properly protected in the event of a lawsuit (pending or potential).

Blum Shapiro Consulting has computer incident and E-Discovery response procedures that include proper computer forensics protocol to properly secure, recover, and authenticate relevant computer evidence in order to facilitate its admission into a court of law. Our collection and analysis of computer evidence significantly advances criminal investigations, civil litigation matters, and corporate internal investigations, helping to find critical electronic information.



Blum Shapiro Consulting
29 South Main Street, 4th Floor, West Hartford, CT 06127-2000 | 860.561.4000
