Your Internal Controls, LLC services Fortune 500 companies, Accounting Firms, Consulting Firms, Federal agencies, as well as state/local government. We specialize in internal controls, specifically Information Technology related.

The Federal industry has seen a plethora of standards with regards to internal control compliance. The CFO Act of 1990 and the Accountability of Tax Dollars Act of 2002 require annual financial statement audits affecting most of the executive arm of the United States Government. For each of those financial statement audits, testing of internal controls must be performed for all material line items supporting the financial statements. Those internal controls tests must be in accordance with a host of other standards depending on the type of agency (e.g. OMB, GAO, NIST, and other Congressional legislature such as the Improper Payments Information Act, and others).

Also, the Federal Information Security Management Act (FISMA) requires many agencies to comply with an array of security requirements. Those agencies must take an inventory of their systems and categorize them in accordance with FIPS-199. Once this is performed, testing should occur in accordance with NIST 800-53. The amount of documentation and testing to complete a Certification and Accreditation (C&A) package is enormous and can sometimes be challenging to federal agencies. The amount of controls that must be documented in the Security Plan and later tested in the Security Test and Evaluation can be overwhelming. Your Internal Controls has extensive experience in auditing, developing, and reviewing C&A packages. Lastly, there are also many privacy requirements placed on agencies. If a federal agency has a system with one of several Personally Identifiable Information (PII) elements and it can be traced to a person, then this data is commonly referred to as Information in Identifiable Form (IIF). If an agency has a system with IIF, then a Privacy Impact Assessment must be conducted and be in compliance with not only the Privacy Act of 1974, but an array of other OMB Memorandums surrounding privacy. Your Internal Controls has written and tested many Privacy Impact Assessments, as well as performed extensive Privacy audits.

The corporate environment has seen significant changes with regards to Sarbanes-Oxley, as well as the new SAS 103-112 standards requiring testing of internal control. The Sarbanes-Oxley Act requires additional testing for management as well as external auditors. The recent SAS standards (SAS 103 through 112) supersede SAS 55, which previously indicated that control risk could be assessed at maximum without testing internal controls. With the new SAS standards (which apply to all financial statement audits), the external auditors will no longer be able to assess control risk at the maximum without internal controls testing. The standards also introduce more detailed testing relating to Information Technology. Lastly, corporations may desire an internal controls specialist to perform various other IT services such as assessing perimeter security (e.g. Firewalls, Intrusion Detection, etc.), privacy compliance, Fraud prevention and detection, documenting Policies, and more. It is advantageous to employ the assistance of a firm that specializes in internal controls.

The Accounting and Consulting firms supporting the industry have seen unparalleled growth in their service demands. Accounting and Consulting firms have been trying to meet the demands of the industry with regard to internal controls testing (Corporate and Federal). With this increase in demand, it is advantageous to utilize the skill sets of a firm that specializes in Internal Controls.