1. Overview of Our Services
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
2. Crossland Advisors provides IT risk and control services to a number of industries,
including:
• Manufacturing
• Pharmaceuticals
• Healthcare
• Financial Services
• Insurance
• Government
• Retail
• Utilities
Our extensive experience allows us to develop real world solutions to complex
challenges. We use a process-focused risk-based approach and are able to relate
leading practices and improvements to understand, anticipate and address a wide
variety of information system risk and process issues.
Crossland Advisors is ready to work with you to satisfy your IT risk and control needs.
What we do
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
3. ➢ IT compliance programs and processes
➢ Readiness assessments
➢ IT risk and control assessments, rationalization, design, implementation
and remediation
➢ IT internal audit
➢ IT process and effectiveness assessments and solutions
We also partner with other firms to provide additional related services, such
as:
• Service Organization Control (SOC) and Other Attestation Reporting
• Computer Forensics
• Penetration Testing
• HITRUST Validation and Certification
• Enterprise Risk Management (ERM)
• Data Analysis
• Privacy
Our IT Risk and Control Services
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
4. Compliance requirements, such as Sarbanes-Oxley (SOX) and Model Audit
Rule (MAR), has been a time-consuming and expensive proposition for many
organizations. Our compliance methodology focuses on six key steps that
allow for quick identification of issues while continuing to strengthen the
foundational elements of a compliance program:
1. Planning and risk assessment
2. Determine the scope of work
3. Identify and assess entity-level controls
(ELCs)
4. Document processes and controls
5. Develop test plans
6. Perform compliance testing
IT compliance programs and processes
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
5. • Service Organization Control (SOC) readiness:
SOC reporting has gained significant importance in providing current and potential
customers with trust and confidence that the processes and controls being provided
by the service organization are deigned and operating effectively. Prior to having a
SOC audit completed, it is imperative that a readiness assessment be performed to
identify potential weaknesses and gaps that can be remediated prior to the SOC audit.
Our approach includes understanding the processes being provided,
confirming the control objectives, understanding the controls in place,
determining if the controls satisfy the control objectives, identifying control
weaknesses or gaps and assisting with control remediation efforts.
• System pre-implementation assessments:
System implementations are time consuming and costly. Our methodology is designed
to help management assess various project confidence elements throughout the
development process:
❑ Program governance
❑ Project management
❑ Solution integrity
❑ Data integrity
❑ Business readiness
❑ Support readiness
❑ Post-go live activities
Readiness assessments
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
6. • IT risk and control assessments:
Information Technology (IT) is a critical element to a company’s business. Information
and the technology that supports it represent valuable assets that need to be
safeguarded and controlled. In the current business environment, management of IT-
related risks is a key component of enterprise governance. To ensure adequate
systems reliability, management is responsible for maintaining effective controls over
security, availability, integrity and maintainability of its systems.
• IT risk and control rationalization:
Since the Sarbanes-Oxley Act of 2002 was signed into law, the specific requirements
continue to be refined each year. Since compliance is an ongoing requirement,
organizations must frequently assess significant accounts, related assertions and
control coverage in order to optimize and rationalize controls.
• IT control design and implementation:
Business process design and controls should be integrated as part of a lifecycle, not
one-off separate activities conducted during a high-level process design.
• Assistance with IT control remediation:
While there has been considerable effort to design, implement and enhance controls,
many organizations are still struggling with control deficiencies. Control remediation,
if done correctly, should be a well thought-out process so the deficiencies will not
reoccur in the future.
IT risk and control assessments, rationalization, design,
implementation and remediation
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
7. One of the most important responsibilities of an organization is to identify,
assess and address risk to provide confidence for its employees,
shareholders, suppliers and customers. Information technology and
especially new technologies such as cloud services (SaaS, IaaS, PaaS), social
media and mobile devices are constantly complicating and increasing the
risk landscape.
IT internal audit resources are always in high demand and organizations are
regularly challenged to hire, retain and maintain the skills necessary to
effectively and efficiently execute an annual IT audit plan.
Our extensive background in information
technology auditing, risks and controls can
provide supplemental resources and
knowledge to assist with completing an
annual IT audit plan.
IT internal audit
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852
8. • IT process assessments and solutions:
IT organizations are constantly under pressure to do
more with less yet technology continues to change. In
order to realize increased value, an effective IT
organization must periodically assess current
processes. Improving an IT process is achieved by first
understanding the rationale for change, the benefits
desired and the challenges that may be encountered.
• IT effectiveness assessments:
An effective IT organization should operate efficiently
and consistently such that the majority of resources
can focus on helping the company manage the overall
level of risk, rationalize overall costs and realize
increased value from the IT investment.
IT process and effectiveness assessments and solutions
Crossland Advisors, Inc. crosslandadvisors.com 610-365-4852