HIPAA Services Overview

Section 404 Implementation Services

JAF Consulting provides a wide range of Section 404 implementation services which includes the following project tasks:

	Establish criteria to identify in-scope financial processes, applications, databases and servers
	Perform control evaluation and establish Control Matrices
	Establish control gaps and coordinate/perform remediation
	Flowchart and document key processes
	Establish test procedures which meet PCAOB standards
	Conduct and document tests which meet PCAOB standards and external audit sample period and sample size requirements
	Establish ongoing quarterly and annual testing requirements

All work described above will meet the financial, application and IT general requirements of Section 404

All work will be coordinated with external auditors to obtain their concurrence to ensure their signoff on the financial statements. As per the SEC, there needs to be separation of duties between the parties performing the implementation of the controls and those parties certifying the controls.

Section 404 Quarterly Testing Services

JAF Consulting provides independent testing services using the existing control design established by your organization. As part of the quarterly test, we can perform a control validation to ensure control have not changed prior to testing.

Section 404 IV & V Services

The external auditors interpretation of the 404 requirements has been changing each month. JAF Consulting has the latest information regarding type and level of testing which is required along with the test documentation requirements.

The purpose of the IV&V review is to perform a 1 - 4 week review (depending on the size on the organization) to assess whether the following:

	Verify proper inclusion of in-scope financial processes, applications, databases and servers
	Verify proper scope of coverage for controls
	Verify that controls have been adequately defined
	Validate adequacy of process used to perform control evaluations
	Assess control remediation strategies and design
	Assess test procedures
	Assess the adequacy of testing to which includes sample period and size requirements
	Assess the adequacy of the test documentation

At the end of the engagement a presentation will made to management which will indicate project areas which have met and not met the requirements to support management assertions of the controls used to generate the financial statements. In addition, recommendations will be provided to allow for the project to meet the requirements of the external auditors to secure an opinion which will not produce any material weaknesses. JAF is also available to assist in the negotiation with the external auditors in order to receive a favorable opinion.

Section 409 Implementation Services

	Establish escalation process
	Assess trigger points to identify material change

Pre-Implementation Review of Sarbanes-Oxley Impacted Systems

The purpose of this service is to provide management with an independent assessment of whether new systems will resolve Sarbanes-Oxley control issues identified in the replacement systems and whether new Sarbanes-Oxley issues will arise from the implementation of the new system.

For further information regarding Sarbanes Oxley Compliance services and to learn how JAF Consulting, Inc. can assist your organization, contact us at 856-241-1900 or email info@jafconsulting.com

Hit Counter

For More Information Contact: info@jafconsulting.com

Last Revised: January 23, 2006