Business Process Assurance Services

Our Business Process Assurance Group assists clients in increasing the reliability and consistency of information produced by their business processes and IT systems. Our practice assists companies in establishing processes and controls necessary for assurance of information reported to both internal and external stakeholders.

We work with clients to understand and address the challenges related to Sarbanes-Oxley (SOX) compliance and the recent regulatory changes resulting from the Jumpstart Our Business Startups (JOBS) Act of 2012.

Additionally, we work with clients providing outsourced or cloud computing to evaluate their Service Organization Controls, as defined within the guidelines of the recently revised AICPA SSAE 16 standards.

The importance of internal controls crosses multiple industries and is applicable to companies of many sizes, and our services are tailored to your business needs.

Sarbanes-Oxley (Section 404) Compliance

Internal Controls over Financial Reporting (ICFR) for companies interested in improving their control structure, including companies that are required to do so based on Sarbanes-Oxley (SOX) requirements.

Essential Control Assessment, a quick and painless assessment of an organization’s internal controls, focused on those controls essential to address risks to accurate internal and external financial reporting as well as fraud.

SOX Readiness will lay the foundation and provide a roadmap to your company’s regulatory compliance requirements and effective corporate governance.

Zero to SOX, a risk-focused approach to SOX compliance by specifically identifying, implementing and monitoring those internal controls that enable management to achieve these regulatory requirements with confidence as well as practice good corporate governance.

Information Technology General Control (ITGC) services to cover the standard for financial statement audits as well as to help our clients improve controls over this evolving risk area.

Service Organization Control Reporting (SOC)

The AICPA has recently revised the standards (previously known as SAS70) to differentiate between controls that are related to financial reporting (known as the SOC 1/SSAE 16 report), and those that relate to the trust principles of Security, Availability, Processing Integrity, Confidentiality and Privacy (known as SOC 2/SOC 3 reports). For SOC 1, SSF will provide professional, independent verification of your internal controls and assure that they meet the SSAE 16 standard. For SOC 2 and 3, we will work with your team to make sure you’ve taken the steps necessary to protect the privacy and confidentiality of your customers’ data as well as the security, availability and processing integrity of your systems.

SOC Primer, to evaluate your needs and determine which SOC reporting option(s) will best serve your business and your clients.

SOC Readiness assists organizations in determining their readiness to undergo a successful SOC 1, 2 or 3 assurance engagement.

WebTrust for CA

To increase consumer confidence in the Internet as a vehicle for conducting e-commerce and to increase consumer confidence in the application of PKI technology, the public accounting profession has developed and is promoting a set of principles and criteria for CAs, referred to as the Trust Service Principles and Criteria for Certification Authorities. Sensiba San Filippo, licensed by the AICPA, provides assurance services to evaluate and test whether the services provided by a particular Certification Authority meet these principles and criteria. The posting of the WebTrust Seal of assurance is a symbolic representation of an SSF unqualified report.

HIPAA Compliance

SSF’s HIPAA/HITECH Alignment Services are research-driven information security services that deliver alignment, clarity and confidence to clients. This offering is intended for business associates that need to address the Health Information Technology for Economic and Clinical Health (HITECH) provisions and OCR HIPAA Audit Protocol requirements.

ISO 27001 Compliance

This international Code of Practice is the standard for the establishment, implementation, control and improvement of information security management. Our team can start with a readiness evaluation or jump directly to a certification assessment, based on your company’s needs. With this certification, your company can demonstrate that your ISMS is of a level currently considered globally to represent best practice.

Additional Services

Complex Accounting Issue Consulting to assist in analyzing, researching and preparing amounts for reporting in your annual financial statements, as well as facilitating the documentation and support necessary for your external auditors.

Financial Statement Audit Readiness Assessment to assist organizations in determining their readiness to undergo a successful Financial Statement Audit whether it’s with SSF, a Big 4, or regional public accounting firm as the auditor.

Financial Due Diligence can provide a myriad of services to assist buyers or sellers in facilitating an efficient due diligence process.

CFO’s Financial Audit Survival Kit (PDF Download)
