IT Audits

Disaster Recovery Reviews

System Development Life Cycle Reviews

Project Management Reviews

Service Auditor Reports (SAS 70)

Certain service providers (e.g. computer processing service bureaus and ASPs) are required to make available a periodic report performed by an independent public accounting firm that discloses the adequacy of information systems controls and the level of compliance with the organization’s standard operating procedures. This report is also referred to as a Service Auditor Report (“SAR”) or a SAS70 Report. Mandem Consulting can perform these procedures and prepare the SAR report.

SysTrust

Mandem Consulting provides an AICPA audit assurance service called SysTrust. The SysTrust engagement and report provide a client with assurance that their systems are, in fact, reliable. When we perform a SysTrust review, we use the following four principles to evaluate whether a system is reliable:

Availability. Does the system operate and provide information in accordance with its stated availability, and is it accessible when routine processing and maintenance must be performed?

Security. Is the system protected against unauthorized physical and logical access? Logical access is the ability to read or manipulate data through remote access. Restricting system access helps prevent potential abuse of system components, theft of system resources, misuse of system software and improper access to and use of information.

Integrity. Is system processing complete, accurate, timely and authorized?

Maintainability. Can the system be updated to provide continued availability, security and integrity?

This report provides technical assurance that systems are reliable for smaller middle market organizations.

Business Continuity/Disaster Recovery Planning

Mandem provides access to professionals who are thought leaders in Business Continuity/Disaster Recovery Planning and can leverage the collective experiences of hundreds of companies to optimize the client’s plan from a risk and cost perspective. Our services are designed to assist in the development, implementation and maintenance of effective recovery plans by leveraging leading-edge thinking and focusing on the individual needs of our clients.

Attack and Penetration Study

We provide an exhaustive analysis of an organization’s security posture at the Internet, Intranet, Extranet, and Dial-In levels. Exploits are directed at the system infrastructure surrounding one or more mission critical systems or applications from an “insider” perspective. We also offer attack and penetration services that provide a “real life” test of an organization’s exposure to known security threats and vulnerabilities which an unauthorized user could exploit with varying levels of access and information.

HIPAA

In HIPAA Reviews, Mandem evaluates the efficiency and effectiveness of EDI administrative and financial transactions, reviews the security and privacy of transmitted information, evaluates the administrative procedures and organizational infrastructure, and assesses physical safeguards and physical controls.

Security Infrastructure Assessment

We evaluate the existing security program and associated processes and procedures within an organization at the Internet, Intranet, Extranet and Dial-In levels. This information is then used to recommend improvements to the current security infrastructure. Mandem will then configure and implement these recommendations based on Senior Management’s approval. This service offering includes the implementation of specific security controls or enterprise solutions at the operating system, database and network levels.

Technology Due Diligence

Mandem can help independent investors better understand the underlying technology as part of the overall business proposition, and assess the risk associated with the technology and proposed business model, to gain enhanced perspective on the success horizon of the venture.

Fraud Detection & Prevention Services

Mandem can help transform control frameworks by rethinking the entire process from development of a technology control strategy through implementation of monitoring and performance measurement processes. We focus on providing organizations with control frameworks, fraud techniques and technology as well as the necessary awareness to achieve these control objectives.

Sarbanes-Oxley (SOX) Statement: 404

Mandem resources can assist organizations in the implementation of SOX. Whether the organization needs resources to document, process flow or construct detailed test plans or to independently conduct audit evaluations of the organization's general controls or application controls around critical financial applications, we can assist the organization in validating that it is following SOX as required in statement 404 at an affordable price.