Assurance Services

Give the necessary confidence to your business partners, user entities, regulators, governing body, existing and prospective customers!

We provide assurance services in the following areas:

Financial Statements Review
An independent review of your financial statements to provide limited assurance that those financial statements do not require material changes to be made in order for them to conform to Generally Accepted Accounting Principles. While a review provides a lesser form of assurance than an audit, it may be just what your business or creditors need.

Financial Statements Audit
An independent audit of your financial statements to provide reasonable assurance that those financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. A financial statements audit will include an assessment of your internal control system and a report on any weaknesses in it so that they can be improved.

SOX Section 404 Audit
An independent examination of the documentation and effectiveness of controls that are significant to the financial reporting process of a publicly traded reporting entity. It is performed in compliance with the requirements of Section 404 of the Sarbanes-Oxley Act (SOX) of 2002.

System and Organization Control (SOC) Attestation
This consists of an independent examination designed to show the quality of a service organization's information system and organization controls to its customers (existing or potential), business partners, governing bodies, or regulators, in order to give them the level of assurance they need concerning internal controls over financial reporting, or concerning one, several, or all of the following:

  • Security

  • Availability

  • Processing integrity

  • Confidentiality

  • Privacy

Depending on your specific needs, we will perform one or more of the following SOC audits:

  • SOC 1: An examination of system and organization controls at a service organization that are relevant to user entities’ internal control over financial reporting. If your organization provides services that are relevant to other entities’ financial reporting processes, you would need this audit. A SOC 1 report meets the needs of user entities' management and auditors for evaluating the effects of system and organization controls on financial statement assertions. The focus is on those controls that are relevant to user entities' financial reporting processes.

  • SOC 2: An examination of system and organization controls at a service organization related to one, several, or all of the following: security, availability, processing integrity, confidentiality, and privacy of information systems in that service organization. A SOC 2 audit report meets the needs of informed stakeholders who need to evaluate the service organization's detailed controls and their effectiveness in any or all of the five listed categories.

  • SOC 3: An examination similar to a SOC 2 audit but without the auditor’s expression of opinion on the service organization's description of its system or descriptions of tests performed by the auditor and their results. It is designed for stakeholders who need to understand the service organization's controls related to security, availability, processing integrity, confidentiality and/or privacy but without the level of detail provided by a SOC 2 audit report. It is mostly appropriate for the service organization's marketing purposes.

SOC 2 + CSA STAR Attestation
This is an attestation based on the AICPA TSP framework for SOC 2 reporting, supplemented with additional cloud-specific security controls from the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM). The CSA Security, Trust, Assurance, and Risk (STAR) Registry program combines the principles of transparency, rigorous auditing, and harmonization of the security and privacy standards contained in the CCM. Publishing to the STAR registry allows organizations to transparently show their customers and other stakeholders (current and potential) their security and compliance posture in a unified fashion. Our firm is one of the few auditing firms approved to perform SOC 2 + CSA STAR attestation.

Other Types of Compliance, Regulatory, and Security Audits
We also use a stress-free and cost-effective audit process, tools, and methodology to perform other types of compliance, regulatory, and security audits, including HIPAA, GLBA, CCPA, GDPR, SWIFT CSC, NIST CSF, Application Security, Cloud Security, and Penetration Testing. For help with your upcoming audit project, book a complimentary consultation today to get started!

More details on other frameworks and standards:
NIST SP800-53
NIST Cybersecurity Framework (CSF)
CSA Cloud Controls Matrix (CCM)
ISO/IEC 27001/27002
Payment Cards Industry Data Security Standard (PCI DSS)
Cybersecurity Maturity Model Certification (CMMC) 2.0 Framework
SWIFT Customer Security Controls Framework
General Data Protection Regulation (GDPR)

Contact us today at (954) 362-7113 or info@casassurance.com to get started with your free consultation.