Our internal audit groups are formed of multidisciplinary teams that bring vast experience and skill to benefit our clients in a way that truly exceeds their high expectations. These teams apply our unique methodology and state-of-the-art technology and tools to bring our full range of capabilities to our clients.

Internal Audit

AC3’s internal audit methodology represents a compendium of best practices based on our practitioners’ many years of industry experience, including:

  • Processes and procedures that comply with Institute of Internal Auditors (IIA) and other industry standards and that exploit technology and industry specific best practices to improve efficiency and produce results.
  • Reporting that includes not only control weaknesses but also acknowledgment of positive practices and value-added insights.
  • A staffing model that includes professionals with the requisite experience on the ground, where you need it.
  • Embedded quality-assurance processes.
  • The flexibility to implement specific methodology components or reorganize methodology steps to align with Internal Audit Management goals and preferences.

Our seven-phase process was developed by internal audit professionals and will be customized to integrate your company’s existing methodology to precisely meet your needs. We begin each internal audit engagement by obtaining a detailed understanding of your business processes and infrastructure, performance measures, purpose and strategy, governance, people and culture, industry, and other factors influencing your business. Based on this knowledge, we define the universe of auditable entities and develop a risk model. This enables us to deliver against the audit plan, in addition to providing insight based upon our findings.

Sarbanes-Oxley 404

The Sarbanes-Oxley Act of 2002 has imposed several new reporting requirements on public companies. Are you confident your company’s response is adequate and cost efficient in meeting these new requirements?
If you are wondering where you will find the time and knowledge to effectively document, evaluate and test your internal controls over financial reporting and disclosure, we can help. Assurance Consulting 3, Inc. professionals with financial accounting, IT management and audit experience ranging from 5 to 20 years. Our success in helping companies like yours is the result of our ability to deliver Big 4 quality service at attractive rates.
Using our comprehensive tools and techniques that are specifically tailored for small to medium-sized companies, we can document, evaluate and test your internal processes, systems and controls in advance of your auditors. Because AC3’s professionals are primarily ex-Big 4 auditors, we possess the competence and objectivity for both management and your external auditors to rely on our work resulting in a more efficient audit by your external auditors, a greater chance of a “clean” opinion and the lowest audit fees possible. Given the current market for SOX readiness projects, AC3’s rate structure is targeted at clients seeking to reduce their overall compliance costs.

  • Readiness/Compliance
  • Ongoing Compliance
  • Streamlining & Efficiency

IT Audit

In conjunction with AC3’s internal audit and Sarbanes-Oxley readiness methodologies, our risk-based approach to IT auditing has been finely tuned to focus on only those applications and environments that pose the greatest risks. AC3’s IT audit methodology has been developed to fully integrate with our internal audit and Sarbanes-Oxley readiness methodologies to achieve the most efficient and effective testing approach. In addition, AC3’s IT audit methodology was designed to bridge the gaps between IT leadership, internal audit, and external auditors.
In addition to traditional IT audit capabilities, AC3’s IT audit group has substantial expertise in several value-added services including:

  • Web Security
  • Perimeter Security
  • Computer Forensics
  • Disaster Recovery Assessment and Testing
  • ERP/Systems Integration Implementation Assistance

SSAE 16 Readiness Consulting

Statement on Standards for Attestation Engagements (SSAE) No. 16 including the Service Organization Control (SOC) reporting framework (SOC 1, 2, 3) was developed by the AICPA to signify that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes. Many clients are unsure of the necessary steps that must be in place before effectively beginning the audit process for SSAE 16 engagements. With AC3’s Readiness Consulting Service, we can help to make your SSAE 16 certification flow smoothly and efficiently by walking your company through the process of preparation before the audit begins.