Understanding FedRAMP: Cloud Service Provider’s Top 4 Questions Answered

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services

As an information security and audit firm focused on the compliance needs of service providers, A-LIGN’s accreditation as a FedRAMP third party assessment organization (“3PAO”) is a natural fit with our existing service offerings. Since becoming a FedRAMP 3PAO, we have noticed a trend in client calls stating their customers are inquiring about FedRAMP or that FedRAMP is being discussed during the sales cycle with prospective customers. With that being said, I thought it would be beneficial to outline the most common FedRAMP questions we have received with detailed responses.


Webinar: “Countdown to Compliance: What you need to know for PCI 3.0”

A-LIGN to present, "Countdown to Compliance: What you need to know for PCI 3.0" on Tuesday, December 10, 2013, from 2:00-3:00 pm EST. Gene Geiger, Director of A-LIGN Security and Compliance Services, will provide highlights of the changes in the standard from PCI DSS Version 2.0 to 3.0, the required implementation timeline and how organizations should approach these changes.


How Subservice Organizations Impact SSAE 16 Reports

By: Scott Price, Managing Partner of A-LIGN

Determine whether your SSAE 16 Report is saving your client money or costing them! With year-end financial audits fast approaching, your clients will soon be requesting your SSAE 16 report. Why? Because your SSAE 16 report allows your client’s financial auditors to determine whether they need to perform additional testing or can utilize the report for their year-end financial audit. If the latter happens to be the case, your SSAE 16 report will save your clients both time and money. Now, aren’t you efficient?


PCI Data Security Standard Version 3.0 – Breakdown of Changes to Anticipate

By: Gene Geiger, Partner of A-LIGN

Following the 36-month lifecycle the PCI Security Standards Council (“Council”) has established for the published standards, Version 3.0 of the PCI Data Security Standard is in the final stages before it will be released on November 7, 2013. Through several webinars and documents provided to stakeholders, the Council has provided information on the final draft in order to receive feedback at the 2013 Community that will be held in Las Vegas September 24 – 26. The core twelve requirements remain the same, but after a review of the changes and guidance provided by the Council, the change to Version 3.0 is more comprehensive than we experienced with previous version changes. However, due to the impact of these changes and the time it may take to fully comply with the requirements of Version 3.0, Version 2.0 may be used for assessment until December 31, 2014. Nonetheless, the Council encourages adoption of Version 3.0 as soon as practical.


Webinar: “CFPB Examination – Getting Your Agency Ready!”

A-LIGN to present webinar entitled, “CFPB Examination - Getting Your Agency Ready!” on Tuesday, October 1, 2013, from 1-2 p.m. EST. The presentation will provide a high-level overview of the key areas that collection agencies should focus on as they prepare for the CFPB Examination.


A-LIGN will participate in Junior Achievement’s (JA) Pep Rally at the Alley Bowl-A-Thon

A-LIGN will participate in Junior Achievement’s (JA) Pep Rally at the Alley Bowl-A-Thon on November 9, 2013. Junior Achievement’s annual Bowl-A-Thon is a fundraising event that encourages companies to participate in and support the funding of JA’s programs, which focus on mentoring students, K-12th grade, in the areas of work-readiness, entrepreneurship and financial literacy skills. A-LIGN is proud to employ some of the most talented professionals in the industry who also dedicate their skills and talents to our community. Scott Price, A-LIGN’s Managing Partner, has been a dedicated board member of Junior Achievement for the past 11 years.


Payroll Company Controls: From an Internal and External Perspective

By: Sue Wells, Senior Consultant at A-lign CPAs

Internal Controls vs. External Controls – What are we talking about?

For a payroll company, many of the controls that are executed on a daily basis are designed to ensure that the financial reports of the payroll company’s clients will not be misstated, and that the information gathered from and generated on behalf of clients will be “protected” from mishandling, both electronically and manually. These controls are considered to be “externally” focused and are primarily designed to benefit the payroll company’s client, and as such, will typically be what you see described and examined in SSAE 16 audits.


CFPB Examination Frequently Asked Questions

By: Sara McLane, Senior Consultant at A-LIGN

During the ACA Int’l Conference last week, we answered many questions regarding the CFPB exam and what offerings we, as an independent third-party audit firm, can provide the ARM industry in preparation for the highly anticipated exam. Below is a list we have compiled of the most frequently asked questions regarding the actual CFPB Examination and A-LIGN’s Readiness Assessment Services:


Updates to the COSO Internal Control – Integrated Framework: Breakdown of What it Means for Management

By: Scott Price, Managing Partner of A-LIGN

On May 14, 2013, COSO’s board issued an updated version of its “Internal Control – Integrated Framework,” originally published in 1992. The updated Framework incorporates input from various organizations, including the American Institute of Certified Public Accountants, the Institute of Internal Auditors, public accounting firms, and regulators. The revised Framework was provided to help entities reduce risk, improve compliance, and strengthen internal control.


Managed Service Providers: Understanding which Compliance Audit is Right for You

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services

As a provider of managed services, your customers are entrusting you with the responsibility for some of the controls that could impact the integrity, availability and confidentiality of their data. Although they transfer the responsibility for the controls, the ultimate accountability remains with your customers, and in most cases they will request evidence that appropriate controls are in place to protect their data. As a managed services provider, there are several options that you can pursue to provide this evidence.
