Assessment Services - EnterpriseGRC Solutions, Implementing a Compliance Framework

Currently, EnterpriseGRC Solutions provides many types of compliance assessment, primarily those aligned with ISO/IEC 27001, SOC 2, preparation for CSA STAR, FedRAMP, and NIST SP 800-171. This article presents the methodology that underpins our approach to every form of compliance program management and testing. We still work with CobiT, and our practice has since grown well beyond it.

EnterpriseGRC Solutions supplies consulting and recommendations on IT resource assignment and organizational structure as they pertain to supporting the Control Objectives for Information and Related Technology (CobiT), and helps corporations implement an overall framework for control and assessment. EnterpriseGRC Solutions, Inc. guides clients to:

  • Ensure preparation to demonstrate effective internal control structure and procedure
  • Demonstrate appropriate standards for gathering evidence and reporting these findings
  • Establish a system of enterprise-wide Risk Assessment
  • Identify financial exposures along with management steps to monitor and control such exposures
  • The scope of IT auditing includes:
    • Reviewing the reliability and integrity of information, and the means used to identify, measure, classify, and report that information.
    • Reviewing the systems established to ensure compliance with the policies, plans, procedures, laws, and regulations that could have a significant impact on operations and reporting, and determining whether the organization is in compliance with them.
    • Reviewing the means of safeguarding information (for example, backups) and verifying that the backup sets actually exist.
    • Appraising the efficiency with which resources are employed.
    • Reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.

All tools and procedures supported by EnterpriseGRC Solutions Inc. (EnterpriseGRC Solutions) facilitate meeting SEC requirements on internal control over financial reporting.  EnterpriseGRC Solutions provides consulting and products that isolate internal control deficiencies while supplying both internal assessment reporting and a response in the form of written and implemented IT procedures and controls.  Three major elements work together to provide content, guidance, and criteria toward a consensus-driven strategy for a properly controlled business environment. We refer to this as our compliance framework:

(Figure: Who, What, How)

  • ITIL® is the FORM: the content and concept behind IT control programs
  • Facilitated Compliance Management™ is the FUNCTION: a working data and process model of HOW we manage and capture IT control events
  • CobiT®, COSO, and other security program control frameworks are the MEASURE: the criteria by which we agree to define an IT environment as appropriately controlled

Technology Event Drivers

New and increasing business regulations add context to the need for highly mature IT programs.  The main purpose of the Sarbanes-Oxley Act, for example, is to protect investors by improving the accuracy and reliability of corporate disclosures.  This legislation requires all publicly traded companies to be prepared to demonstrate an "effective internal control structure and procedure."   EnterpriseGRC Solutions facilitates the definition of effective internal control while supplying the tools and project implementation needed to reach this goal.  In addition, nonpublic companies are increasingly aware of SEC-driven requirements around security, data management, and the demonstration of other IT controls, as required by SOC 2 (2017 Trust Services Criteria, including privacy) reported under SSAE No. 18.
