The user organizations outsource technology and business processes to service organizations but continue to responsible for risks. The user organization needs increased assurance over the confidentiality, availability, and integrity (CIA) of the service organizations control environment as well as capability to comply with new regulations and compliance requirements.
The IT Attestation practice is designed under Statement of Standards for Attestation Engagements (SSAE) No. 16 and Attestation Engagement under AT Section 101 (AICPA Professional Standards) helps satisfy third-party risk and compliance assurance requirements and demonstrate the confidentiality, availability, and integrity of service organization’s control environment by Reporting on Control at a Service Organization.
IrisLogic have techno functional qualified CPAs and CISAs to perform audits such as SSAE 16 – SOC1 and SOC2, and ITIL reviews. The skills are useful for auditing compliance with statutory requirements and compliance audits such as PCI, ISO, etc.
Due to ever increasing complexity of technologies and in turn IT Audit function , there is a need for several specialized IT auditors with expertise in specific areas, and IT internal audit departments are finding it difficult to staff IT auditors.
IrisLogic services include:
The IrisLogic team provides service to support review of internal controls over financial reporting required under SOX, security review reports, processing integrity report, and privacy reports using Trust Service Principles, and by performing agreed upon procedures. The specific study performed includes readiness assessment, gap remediation, and preparing corporation to comply with SSAE – SOC1 and SOC2 requirements.