Building Stakeholder Trust

To help build stakeholder trust, organizations need to demonstrate their compliance with standards of business conduct codified by public and industry regulatory authorities. Failure to do so can expose an organization to costly penalties, loss of business, and reputational damage.

Crowe Horwath LLP can help organizations meet the stringent, rising demands of business partners and regulatory agencies through independent and objective attestation services.

• Statement on Auditing Standards No. 70 (SAS 70) Examinations. SAS 70 reports can bring value to service and user organizations because they are sometimes used as a tool during the vendor selection and due diligence process. User organizations sometimes view an unqualified SAS 70 opinion as a benchmark of an organization’s reliability and maturity as a service provider. Financial institutions are generally required by their regulators to obtain and review SAS 70s from their servicing organizations.
  
  For both first-time and ongoing SAS 70 auditees, Crowe’s team of full-time SAS 70 professionals offers deep knowledge of business processes, information technology (IT) controls and security, and extensive experience across a range of industries.
• Payment Card Industry (PCI) Assessments. Securely handling customer credit card information continues to be an issue for many merchants. As one of only a few accounting firms qualified to perform PCI assessments in the United States, Crowe offers a range of PCI services (readiness, compliance, issues remediation) tailored to help merchants and service providers with goals of increasing compliance, reducing exposure to identity theft and data compromise, and maintaining customer confidence. Crowe’s approach to PCI reviews is based on our extensive knowledge of banking, technology, the card payment industry, and the challenges organizations face in becoming PCI-compliant.
• TG-3 Compliance Assessments. Technical Guideline 3 (TG-3) or PIN security compliance guidance was developed to standardize the process for reviewing security procedures involving PIN-activated transactions (i.e., automated teller machine and point-of-sale transactions). Crowe’s certified professionals use their extensive knowledge of American National Standards Institute (ANSI) encryption standards, PIN entry devices, and network and card association rules to efficiently focus the assessment of your PIN and encryption key practices.
• Agreed-upon Procedures (AUP) Review. An AUP review may be appropriate if you need certain certified IT audit procedures performed, but don’t need a formally structured SAS 70 report. This review can be customized to focus on a single element of your control environment or the entire environment, and can be used to report on specific controls for which formal management documentation may not exist (for example, the rollout of new systems or applications).

For more information about Crowe’s attestation services, please contact Vicky Ludema at vicky.ludema@crowehorwath.com or 800.599.2304.

Crowe Horwath LLP is a member of Horwath International Association, a Swiss association (Horwath). Each member firm of Horwath is a separate and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Horwath or any other member of Horwath and specifically disclaim any and all responsibility or liability for acts or omissions of Horwath or any other Horwath member. Accountancy services in several states are rendered by Crowe Chizek and Company LLC, which is a member of Horwath. © 2009 Crowe Horwath LLP Privacy Policy Legal