A-LIGN will participate in Junior Achievement’s (JA) Pep Rally at the Alley Bowl-A-Thon

A-LIGN will participate in Junior Achievement’s (JA) Pep Rally at the Alley Bowl-A-Thon on November 9, 2013. Junior Achievement’s annual Bowl-A-Thon is a fundraising event that encourages companies to participate in and support the funding of JA’s programs, which focus on mentoring students in grades K-12 in work-readiness, entrepreneurship and financial literacy skills. A-LIGN is proud to employ some of the most talented professionals in the industry, who also dedicate their skills and talents to our community. Scott Price, A-LIGN’s Managing Partner, has been a dedicated board member of Junior Achievement for the past 11 years.


Payroll Company Controls: From an Internal and External Perspective

By: Sue Wells, Senior Consultant at A-lign CPAs

Internal Controls vs. External Controls – What are we talking about?

For a payroll company, many of the controls that are executed on a daily basis are designed to ensure that the financial reports of the payroll company’s clients will not be misstated, and that the information gathered from and generated on behalf of clients will be “protected” from mishandling, both electronically and manually. These controls are considered to be “externally” focused and are primarily designed to benefit the payroll company’s client, and as such, will typically be what you see described and examined in SSAE 16 audits.


CFPB Examination Frequently Asked Questions

By: Sara McLane, Senior Consultant at A-LIGN

During the ACA Int’l Conference last week, we answered many questions regarding the CFPB exam and what offerings we, as an independent third-party audit firm, can provide the ARM industry in preparation for the highly anticipated exam. Below is a list we have compiled of the most frequently asked questions regarding the actual CFPB Examination and A-LIGN’s Readiness Assessment Services:


Updates to the COSO Internal Control – Integrated Framework: Breakdown of What it Means for Management

By: Scott Price, Managing Partner of A-LIGN

On May 14, 2013, COSO’s board issued an updated version of its “Internal Control – Integrated Framework,” originally published in 1992. The updated Framework incorporates input from various organizations, including the American Institute of Certified Public Accountants, the Institute of Internal Auditors, public accounting firms, and regulators. The revised Framework is intended to help entities reduce risk, improve compliance, and strengthen internal control.


Managed Service Providers: Understanding which Compliance Audit is Right for You

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services

As a provider of managed services, your customers are entrusting you with the responsibility for some of the controls that could impact the integrity, availability and confidentiality of their data. Although they transfer the responsibility for the controls, the ultimate accountability remains with your customers, and in most cases they will request evidence that appropriate controls are in place to protect their data. As a managed services provider, there are several options that you can pursue to provide this evidence.


Why Payroll Companies are Subject to a SSAE 16 Examination

By: Scott Price, Managing Partner of A-LIGN

Classification

First, let’s get down to the basics. Payroll companies are classified as “classic” service organizations. This is because payroll companies typically use the same processes, procedures, controls, and systems to process payroll for a variety of companies.


Comprehend Compliance: A-LIGN Speakers are Available for your Next Event!

Looking for qualified compliance professionals to speak at your next event? A-LIGN is pleased to offer speakers who are focused strictly on the regulatory compliance arena and possess extensive knowledge in the following industries: payroll, collections, healthcare, data and information management.


Ask A-LIGN: When receiving our first SSAE 16 audit, if the auditors find minor mistakes, will we have the opportunity to correct them?

By: Scott Price, Managing Partner of A-LIGN

Answer: I hear this question often, and my answer is, “it depends.” I realize this is not the response most of you were hoping for, but I will elaborate. If your audit is a Type 1 SSAE 16, you can elect to have the review date of the report set to when the service organization has remediated all deficiencies found in the controls. This is one of the main reasons why service organizations like to start with a Type 1 audit. However, in the same breath, the user community sees the limitations of a Type 1 since it only gives assurance at a specific point in time. It is a snapshot.


New HIPAA Rules: Impact on Business Associates

As I read the “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules” recently released by the Department of Health and Human Services, I struggled to think how to summarize the 563-page PDF document into a meaningful summary for A-LIGN’s clients. The title alone is a paragraph long. A large part of the document is minutiae that is not relevant for the everyday conversation on how to protect electronic protected health information (“ePHI”), but there are some key points and clarifications that are made which I believe should be understood by our clients. As a provider of audit, compliance and security services primarily to companies defined as service organizations or service providers, I will focus on two key points that impact service organizations that handle ePHI: applicability and liability.


PCI Security Standards Council Releases New Information Supplement on Cloud Computing

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) in maintaining PCI DSS compliant environments and also to guide the Qualified Security Assessors (“QSA”) that are tasked with performing the validation assessments.
