Sarbanes-Oxley (SOX)
The Sarbanes-Oxley Act of 2002, also known as the Public Company
Accounting Reform and Investor Protection Act of 2002 (commonly
called SOX or Sarbox), is a United States federal law signed on
July 30, 2002 in response to a number of major corporate and
accounting scandals. Enacted to restore public confidence and trust
in the corporate sector, the Act demands greater accountability in
financial management and reporting practices for companies
registered with the Securities and Exchange Commission (SEC).
Section 404 of the Act charges management with the responsibility
for annually assessing the design and operating effectiveness of
internal control over financial reporting (ICFR) and requires the
company's external auditors to audit and report annually on the
effectiveness of those internal controls.
Securance Consulting works
continuously with the Big 4 public accounting firms to understand
their approach, testing methodologies and required documentation,
so that your audit is completed efficiently, effectively, and in
accordance with public accounting standards and the standards set
forth by the Public Company Accounting Oversight Board (PCAOB).
Many of our clients engage Securance for their SOX readiness
assessments because the public accounting industry has come to rely
on the work performed by our consultants.
Gramm-Leach-Bliley Act (GLBA)
The Financial Services Modernization Act of 1999, also known as the
"Gramm-Leach-Bliley Act" (GLBA or the GLB Act), includes provisions
to protect consumers' personal financial information held by
financial institutions. Its privacy requirements have three
principal parts: the Financial Privacy Rule, which governs how
financial institutions collect and disclose customers' personal
financial information; the Safeguards Rule, which requires them to
maintain a written information security program to protect that
information; and the Pretexting provisions, which prohibit obtaining
customer information under false pretenses.
Our consultants specialize in
providing assistance to Internal Audit and Regulatory Compliance
Departments related to each aspect of the GLB Act. Our services
include general assessments of compliance readiness, development of
GLB Act continuous testing methodologies, and specific-scope and
full-scope compliance reviews.
NAIC Model Audit Rule Compliance
The National Association of Insurance Commissioners (NAIC) has
amended its Model Regulation Requiring Annual Audited Financial
Reports (the Model Audit Rule, or MAR) to include requirements
modeled on the Sarbanes-Oxley Act. The amendments relate to auditor
independence, corporate governance, and internal control over
financial reporting. The adopted revisions require that insurance
companies have an audit committee and indicate that some audit
committee members may need to be independent from management. The
adopted revisions also require that insurance companies with $500
million or more in direct and assumed premium file a report with
the insurance department regarding the company's assessment of
internal control over financial reporting. Any exemption from the
internal control assessment must be requested from, and granted by,
the domiciliary insurance commissioner, who may deny it if
risk-based capital levels or company actions present a financial
hazard. The scheduled effective date is January 1, 2010.
Our consultants specialize in
providing assistance to Internal Audit and Regulatory Compliance
Departments related to each aspect of the Model Audit Rule. Our
extensive audit and SOX experience can significantly reduce the
costs associated with implementing an MAR compliance methodology.
Our focus is always on providing a cost-effective, value-driven
audit.
PCI Compliance
The payment card industry's compliance and validation requirements
apply to every organization that stores, processes or transmits
cardholder data, including financial institutions, Internet vendors
and retail merchants. The rules spell out what security measures
must be taken to protect cardholder data (such as the primary
account number, expiration date and cardholder name) during any
transaction made with a payment card, and they also require certain
auditing and validation procedures. The Payment Card Industry Data
Security Standard (PCI DSS) is used by all of the major card brands
to assure the security of the data gathered while a cardholder is
making a transaction at a bank or participating merchant.
The expense of compliance with the
Payment Card Industry Data Security Standard (PCI DSS) can be
substantial, especially for "Level 1" (large transaction volume)
companies. The penalties for noncompliance range from censure, to
fines, to, in the worst case, revocation of card issuance and
payment processing capabilities. However, as major data security
breaches increase, the threat to merchants and service providers
can be far worse than direct financial costs: litigation and the
loss of consumer confidence can be the most severe expense of all.
Securance leverages our people,
experience, technology, and intelligence to secure your critical
infrastructure as required by regulations and business needs. As a
result, your staff remains focused on strategic business
initiatives while Securance Consultants assess your devices with
real-time analysis and reporting. Our consultants are trained not
only to identify deficiencies, but also to assist in remedying the
identified vulnerabilities so that you avoid the penalties the card
brands impose for noncompliance.
HITECH Act
In February 2009, President Obama signed into law an economic
stimulus package called the American Recovery and Reinvestment Act
(ARRA). Part of this law is the Health Information Technology for
Economic and Clinical Health Act (HITECH Act) of 2009, which
introduces the first federally mandated breach notification
requirement for health information. It also extends the Health
Insurance Portability and Accountability Act (HIPAA) data privacy
and security requirements directly to business associates, which
can include health information exchange organizations, regional
health information organizations, or any vendor that contracts with
a covered entity to allow that covered entity to offer a personal
health record to patients as part of its electronic health record.
The services such associates provide can include legal support,
accounting, IT, financial support, marketing and other areas. In
effect, these associates are now subject to the same requirements
for protected health information (PHI) data security as covered
entities, along with the same penalties for noncompliance that
apply under HIPAA.
The HITECH Act requires that
patients be notified of any unauthorized acquisition, access, use,
or disclosure of their unsecured PHI that compromises the privacy
or security of such information. The HITECH Act defines unsecured
PHI as any PHI that is not secured by a technology standard that
renders it unusable, unreadable, or indecipherable to unauthorized
individuals and is developed or endorsed by a standards developing
organization that is accredited by the American National Standards
Institute. In practice, the guidance issued by the Department of
Health and Human Services under this provision identifies two such
methods: encryption of the PHI (consistent with NIST guidance, and
only where the decryption key was not also compromised) and
destruction of the media or data. PHI that is lost or exposed in
this secured form falls outside the notification requirement, so
the breach exposure of an organization depends heavily on where
encryption is actually applied and how keys are kept separate from
the data.
Our consultants specialize in
providing assistance to Internal Audit and Regulatory Compliance
Departments related to each aspect of the HITECH Act. Our services
include general assessments of compliance readiness, development of
HITECH Act continuous testing methodologies, and specific-scope and
full-scope compliance reviews.
Other Compliance Expertise
Please contact us to learn about
other regulatory compliance requirements where we maintain
expertise.