Compliance and Assurance Services

Our auditors have experience with many different regulations affecting many different industry sectors and types of corporate structure. The primary regulations we can help your business comply with are as follows:

Sarbanes-Oxley

Recognizing the need for an integrated, SOX-compliant approach to evaluating IT controls over financial reporting, ALP developed a detailed, risk-based approach to auditing IT systems and applications for Sarbanes-Oxley compliance. We use the COBIT® and COSO® frameworks to understand, document and test the linkage between IT processes and financial system controls. The result is a true “value-added” audit: it addresses the risks specific to your information systems environment(s), removes unnecessary control objectives from the scope of our review (saving you money), and remains consistent with SEC and PCAOB requirements and directives.

We have extensive Sarbanes-Oxley and IT auditing experience in the financial services, manufacturing, banking and higher education environments. Some of the clients we've worked with include the University of Texas, Texas State Bank, Tecumseh Products, Gibraltar Steel, Coachmen, Franklin Electric, Aditya Birla, and Zwick Roell.

Download a brochure on our Sarbanes-Oxley IT capabilities here:
Sarbanes-Oxley IT Audit Services Brochure Page 1
Sarbanes-Oxley IT Audit Services Brochure Page 2

Additional information regarding Sarbanes-Oxley can be found on the following websites:

IT Controls for SOX Compliance
Public Company Accounting Oversight Board

FFIEC Standards

We have developed detailed audit programs for the following FFIEC/FDIC areas:

  • Bank Secrecy Act/Anti-Money Laundering
  • Outside Technology Providers
  • Electronic Banking
  • Information Security
  • Business Continuity
  • IT Management
  • IT Operations
  • Development and Acquisitions
  • Internet Banking

Our audit programs were developed in accordance with FFIEC guidelines and, where appropriate, ISACA and IIA standards. We used the FFIEC IT Examination Handbooks in developing our audit procedures and work programs, and we measure compliance against both FFIEC guidelines and the Bank's internal policies. All of our clients have received the highest possible rating from the bank examiners after their reviews. Our goal is to provide you with complete assurance that your operating procedures comply with FFIEC guidelines, so that the bank examiners find minimal deficiencies.

Some of our clients include Texas State Bank, St. Joseph Capital Bank and The Mechanics Bank. Download a brochure on our bank audit capabilities here: Bank Auditing Brochure

FFIEC Guidelines for each specific area can be found at the following website:

FFIEC Guidelines

HIPAA Security Compliance

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for the security of electronic health care information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical and physical safeguards that covered entities must use to protect the confidentiality, integrity and availability of electronic protected health information. The implementation specifications under each standard are designated as either required or addressable.

Covered entities must develop and implement policies and procedures governing authorized access to electronic protected health information (EPHI). Of particular concern is the number of security breaches that have resulted from the use of portable media such as USB flash drives, and from laptops, PDAs, home computers and other storage devices used outside the organization's physical domain. To comply with the HIPAA Security Rule, these policies and procedures must be reviewed periodically, which in practice generally means on an annual basis.

Our proprietary audit programs address all relevant aspects of HIPAA's security rule to ensure that you have taken the necessary precautions to protect the integrity of all the sensitive data under your control. Some of the risks we review include:

  • Protection of logon passwords
  • Controls over EPHI data accessed from offsite locations
  • Session termination/timeout for portable or remote workstations and laptops
  • Viruses, spyware and other malware
  • Theft of laptops, and encryption of the data stored on them
  • Use of non-encrypted portable storage devices
  • Use of wireless networks and access from shared devices (such as hotel or library workstations)
  • Use of secure connections and transmission standards for EPHI data
  • Use of practices that do not comply with ISO 17799 (renumbered as ISO/IEC 27002 in 2007)

We have completed HIPAA compliance audits for financial services and healthcare providers.

For more information on the HIPAA security standard, please visit this Health and Human Services website:

HIPAA Security Standard

FCPA

Although the FCPA was passed nearly thirty years ago, its relevance has never been greater than today. Generally, the U.S. Foreign Corrupt Practices Act of 1977 ("FCPA" or the "Act") prohibits U.S. companies, their subsidiaries, as well as their officers, directors, employees, and agents from bribing "foreign officials" and also requires U.S. companies that issue debt or equity to maintain internal accounting controls and to keep books and records that accurately reflect all transactions.

In today's environment the FCPA has been used to bring criminal charges against non-U.S. nationals for financial transactions that either originated in, or were relayed through, a point of presence in the United States, whether or not the individual had ever set foot in North America. The net has been cast widely, and companies that previously thought they were protected by using non-U.S. subsidiaries to deal with foreign governments are being reeled in by the thousands. Companies that have never had a point of presence in the U.S., or ever been owned by a United States company, are being prosecuted for violating the FCPA's many provisions.

Payments, authorizations, promises or offers to any other person are also prohibited if there is knowledge that any portion of the payment will be passed along to a foreign official, foreign political party, party official or candidate for a purpose prohibited under the Act. Knowledge is defined very broadly: it is present when one knows an event is certain or likely to occur, and even purposely failing to take note of an event, or being willfully blind, can constitute knowledge.

Our expertise in the FCPA area is limited to providing your employees and agents with detailed questionnaires, accumulating the results and recommending corrective actions and/or changes in Corporate policies to ensure that there are no unknown payments which might cause problems for your company. The text of the FCPA can be obtained at the following website:

FCPA Text


©2007 ALP-Consulting Toll Free - 877.312.6547
info@alp-consulting.net