
Compliance Services

Sarbanes-Oxley (SOX)

The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (commonly called SOX or Sarbox), is a United States federal law signed into law on July 30, 2002 in response to a number of major corporate and accounting scandals. Enacted to restore public confidence and trust in our nation’s corporate sector, the Act demands greater accountability for financial management and reporting practices for companies registered with the Securities and Exchange Commission (SEC). The Act charges management with the responsibility for annually assessing the design and operating effectiveness of internal control over financial reporting and requires external auditors to annually audit and issue a report on the effectiveness of the company’s internal controls.

 

Securance Consulting works continuously with the Big 4 public accounting firms to understand their approach, testing methodologies and required documentation to ensure that your audit is completed efficiently, effectively, and in accordance with public accounting standards, and the standards set forth by the Public Company Accounting Oversight Board (PCAOB). Many of our clients engage Securance for their SOX readiness assessments as the public accounting industry has come to rely 100% on the work performed by our consultants. 

Gramm-Leach-Bliley Act (GLBA)

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and Pretexting provisions.

 

Our consultants specialize in providing assistance to Internal Audit and Regulatory Compliance Departments related to each aspect of the GLB Act. Our services include general assessments of compliance readiness, development of GLB Act continuous testing methodologies, specific scope, and full-scope compliance reviews.

NAIC Model Audit Rule Compliance

The National Association of Insurance Commissioners (NAIC) has amended its Model Regulation Requiring Annual Audited Financial Statements to include Sarbanes-Oxley Act requirements. The amendments relate to auditor independence, corporate governance, and internal control over financial reporting. The adopted revisions require that insurance companies have an audit committee and indicate that some audit committee members may need to be independent from management. The adopted revisions also require that insurance companies with $500 million or more in direct and assumed premium file a report with the insurance department regarding the company’s assessment of internal control over financial reporting. The exemption from internal control assessment must be filed for and received from the domiciliary insurance commissioner. The exemption may not be granted if risk-based capital levels or company actions present a financial hazard. The scheduled effective date is January 1, 2010.

 

Our consultants specialize in providing assistance to Internal Audit and Regulatory Compliance Departments related to each aspect of the Model Audit Rule. Our extensive audit and SOX experience can significantly reduce the costs associated with implementing an MAR compliance methodology. Our focus is always on providing a cost-effective and value-driven audit.

PCI Compliance

The payment card industry compliance and validation regulations apply to financial institutions, Internet vendors and retail merchants.  The rules spell out what security measures must be taken to protect the private information of employers and employees during any transaction occurring with the use of a paycard. They also require certain auditing procedures. The Payment Card Industry Data Security Standard is used by all card brands to assure the security of the data gathered while a card member is making a transaction at a bank or participating vendor.

 

The expense of compliance with the Payment Card Industry Data Security Standard (PCI DSS) can be substantial, especially for "Level I" (large) companies. The penalties for noncompliance can vary from censure, to fines, to, in the worst case, revocation of card issuance and payment processing capabilities. However, as major data security breaches increase, the threat to merchants and service providers can be far worse than just financial costs. Litigation and the loss of consumer confidence can be the most severe expense of all.

 

Securance leverages our people, experience, technology, and intelligence to secure your critical infrastructure as required by regulations and business needs. As a result, your staff remains focused on strategic business initiatives while Securance Consultants assess your devices with real-time analysis and reporting. Our consultants are trained to not only identify deficiencies, but also assist in remedying the identified vulnerabilities to avoid card processing regulatory penalties.


Other Compliance Expertise

Please contact us to learn about other regulatory compliance requirements where we maintain expertise.
