Compliance Assessment

It is no secret that CFOs have faced constricted resources, more demanding relationships with auditors and heightened scrutiny from the board in recent years. Compliance burdens remain undiminished and will only grow in complexity, given the geopolitical nature of modern commerce and the multi-jurisdictional realities of operating in several capital markets at once. Principle-based regulatory compliance, enterprise risk management and risk assessment processes are closely examined by financial markets and listing exchanges, and are ultimately reflected in corporate ratings. While the early disruptions caused by the introduction of Sarbanes-Oxley have eased, research indicates that the number of regulations affecting IT may double over the next five years.

Avacuna is particularly adept at helping clients reconcile the multiple frameworks that inevitably accumulate for compliance-driven, business-driven or best-practice reasons. Our proficiency in mapping specific domains and controls from one framework to another reduces incremental cost burdens, lowers non-compliance risk, shortens time-to-market for data with value-creation potential and lowers the probability of inaccuracies. We correlate controls, domains and gap assessments, independently or collectively, for:

  • 21 CFR 11
  • Australia's Spam Act of 2003
  • Basel II
  • Bill 198 (CSOX)
  • Canada's Personal Information Protection and Electronic Documents Act
  • CLERP-9 (Australia)
  • CMMI
  • CobiT
  • COSO
  • EU Directive on Data Protection
  • EU Directive on Privacy and Electronic Communications
  • FFIEC
  • FISMA
  • France's Data Protection Act
  • FRCP (Federal Rules of Civil Procedure)
  • GBPM
  • GLBA
  • HIPAA
  • HSPD-12
  • IAIS
  • India Information Privacy Act
  • International Financial Reporting Standards (IFRS)
  • ISO 27002 (17799)
  • ITIL
  • Japan Guidelines for Personal Data Protection in Electronic Commerce
  • J-SOX (Japan)
  • Model Audit Rule (MAR)
  • NIAC
  • NIST
  • NSA
  • OMB Circ A-123
  • OPPA
  • PCI DSS
  • PMBOK
  • PRINCE2
  • Reg NMS
  • Sarbanes-Oxley (SOX)
  • Solvency II
  • Statement on Auditing Standards No. 70 (SAS 70)
  • SB 1386 (CA)
  • SP800-53
  • TAC 202
  • TOGAF
  • UK's Turnbull Guidance on Internal Controls
  • UN Guidelines for Regulation of Computerized Personal Data Files
  • Val IT

How We Help

We assess dispersed business-unit processes that are incompatible with approved centralized controls, and implement multi-methodology mapping and remediation. This gives our clients an opportunity to integrate information-asset governance with corporate governance, consolidate organizational silos that run duplicative processes, and bring together knowledge dispersed throughout the organization. We help clients by:

  • Establishing baseline policies critical for sustainable and continuous compliance
  • Revising incident response procedures to isolate root causes and reduce the likelihood of recurrence
  • Updating patching, logging and data capture processes to conform with audit expectations
  • Creating and implementing internal verification controls to monitor policy conformance
  • Providing comprehensive GRC ecosystem assessments and recommendations for disparate risk analytics, business performance, audit, claims, legal, insurance and financial systems
  • Defining and leading implementation of operational tactics
  • Identifying potential audit flags and lowering regulatory non-compliance risk
  • Meeting statutory deadlines and mitigating exposure


Copyright © 2007 - 2008 Avacuna LLC. All rights reserved.