“SOX audits vs. Operational Audits: What is the right balance for your IA department?”

This is a question that has no right or wrong answer, but is one that every Chief Audit Executive (CAE) needs to consider.  Even private firms that aren’t required to comply with SOX are likely still tasked with testing some Controls to ensure internal control over financial reporting (ICFR) within the organization, or have some other type of compliance audit to perform (HIPAA, PCI, Fraud, MAR, etc).

So, how do you fulfill this role for testing and reporting on regulatory compliance (SOX), while finding the time and resources to perform your larger role of adding value to your department through oversight of the company’s general activities?  To address this issue, let’s start with making sure we are working from a common framework.  A standard definition (Farlex Financial Dictionary) of an Operational (sometimes called Management) Audit is as follows:

“A measurement and report of the effectiveness and results of certain business procedures. Management audits are usually performed internally, and check to see that procedures have their intended effect. Unlike a compliance audit (e.g., SOX), which simply ensures that procedures are being followed, management audits challenge the assumptions and objectives of procedures, with an eye toward improving efficiency. A management audit may recommend changes in procedures resulting from observed inefficiencies in existing procedures.”

This can include audits of facilities, processes, staff behavior, etc.  I believe the majority of you would agree that it should always include the Objectives and Risks associated with the entity areas being audited.  We also recognize that there is often some overlap with SOX Controls, so that a SOX test can satisfy part of an Operational Audit, or vice versa. 

However, how do you split your workload for those areas that don’t overlap?  Some of you have told me that the majority of your auditors’ time is spent doing SOX testing, not “true” auditing.  The perceived downside of that mix is that it becomes difficult for the CAE to demonstrate the strategic value of his/her Audit department, because it is performing what many CFOs/CEOs think of as a “commodity” function.  After all, SOX has been around for 8 years or so, so how much creativity is involved in the activities to demonstrate ICFR (their opinion, not mine)?

The majority of the CAEs I talk to (particularly those who are relatively new in their assignment) tell me one of their organizational objectives is to reduce the SOX workload to allow for more Operational audits.  Many tell me that over 50% of their department’s man-hours are spent on SOX-related activities, with their goal being to get it down to less than 33%. 

One reason they are willing to speak with me about GRC & Audit automation software is so that they can achieve this goal without adding headcount (either internally or through co-sourcing).  As I discussed in last month’s newsletter, automation also offers the option of self-assessments vs. direct testing as a time- and money-saving process.  This also releases auditors to perform more Operational audit activities vs. SOX Compliance.  This assessment “engine” can also be used for Risk Assessments to better focus the Operational audits on areas other than SOX Key Controls.

On a related note, as more Audit Committees and Boards of Directors take up the issue of Enterprise Risk Management (ERM), it is frequently falling to the CAE (if no CRO exists in the organization) to pick up the gauntlet for this responsibility.  That puts one more item on their plate without an increase in headcount.  The only way to accomplish that goal is to be more efficient and productive in managing the existing key responsibilities (e.g., SOX testing), thus freeing up time for more risk-based Operational audits.  What the right balance is for your organization is up to you, but I’m pretty sure achieving that desired balance will be easier with automation than without.  I’d love to hear from you regarding your point of view on the matter.

Best regards, 

Paul Fine

Director of Marketing & Business Development
DoubleCheck LLC
770-565-8616 (office)
678-360-2851 (cell)
Atlanta, GA
pfine@doublechecksoftware.com

DoubleCheck™ Announces Availability of Preconfigured Compliance Solutions

July 25, 2011 | Morris Plains, NJ: DoubleCheck™ LLC, a leading provider of enterprise GRC & Audit solutions, today announced the availability of a suite of preconfigured solutions for PCI and CobIT assessments.

“These capabilities enrich the power of our current solution,” said Tim Ihde, Chief Technical Officer, DoubleCheck. “As part of an integrated suite, these preconfigured assessments make it easy and efficient for companies to implement and maintain standards based compliance programs.”

The CobIT framework supports effective management of an IT organization, with a focus on balancing technical, operational and business requirements. The DoubleCheck CobIT Solution provides an easy means of performing a CobIT assessment, built around a structured set of assessments, a clear scoring methodology, excellent document management and easy-to-interpret reports.

The PCI (Payment Card Industry) Data Security Standards (DSS) are designed to identify and minimize technical and process vulnerabilities that present risks to sensitive cardholder data. The DoubleCheck PCI Solution takes the PCI requirements and turns them into an easy-to-use self-assessment, with a scoring methodology that provides insight into both compliance and areas of potential concern. Additionally, the assessment process is easy to customize based on the specific needs or structure of your organization.

This content and associated assessments, management and reporting functions may be used on a standalone basis or integrated with a broader GRC & Audit solution. When implemented as part of a broader GRC & Audit solution, both the CobIT and PCI assessments can be linked with other compliance, audit and risk management initiatives, communicating key issues and sharing results across programs.

“We are very pleased to add these capabilities to our solution suite,” said Joseph Cincotta, President and CEO of DoubleCheck. “These capabilities will make it easier for our clients to execute PCI and CobIT compliance programs and keep those programs current as the standards evolve. When combined with our well established and rich capabilities and our exceptional customer service, we have once again raised the bar for GRC & Audit solutions.”

About DoubleCheck™ LLC: DoubleCheck™ LLC is a leading enterprise-level GRC & Audit solutions software company. The DoubleCheck product portfolio includes solutions for Compliance, Corporate Governance, Risk Management and Audit Management. A leading research firm, Gartner, has identified DoubleCheck as a vendor that can provide all four elements of a complete Enterprise GRC solution: Audit Management, Compliance Management, Risk Management and Policy Management. DoubleCheck™ is ideally suited to provide the solutions, tools, information, reporting systems and exceptional customer support essential to ensure productive, efficient and well-organized Governance, Risk, Compliance and Audit Management business processes.

For more information about DoubleCheck LLC, please contact:

Mr. Paul Fine
Director of Marketing & Business Development

DoubleCheck LLC

770-565-8616

pfine@doublechecksoftware.com
www.doublechecksoftware.com

Control Tests vs. Self-Assessments: What is the Right Balance?

This question arises frequently in my conversations with senior Audit and Compliance executives, particularly in the context of SOX compliance.  The answer for each organization depends upon a myriad of factors, including organizational structure, geographic dispersion, staffing levels and management philosophy (centralized vs. decentralized).  I want to devote this month’s newsletter to discussing the pros and cons of each approach, recognizing that success means identifying and fixing issues and, ultimately, providing appropriate assurance that the firm is in compliance while minimizing the time and money spent.

Testing:

In its simplest form, testing is done to confirm that Controls are functioning properly.  As Ronald Reagan once said, “trust, but verify”.  This is at the heart of SOX Compliance: ensuring and certifying that the organization has sufficient “Internal Controls over Financial Reporting”. 

However, the SOX regulations don’t dictate how to meet that standard.  Direct testing of key controls by independent parties is generally the most reliable (and usually the most expensive) way to confirm a control is performing properly.  And while other organizations provide frameworks and guidance (COSO, COBIT, etc.), there is great latitude in the actual way to test. 

Companies implement testing programs in different ways. For example, some large firms have a separate Internal Control (IC) staff, removed from Internal Audit (IA).  Others have Internal Auditors do the SOX testing, with the actual responsibility for SOX compliance remaining with the Business Owners (generally within the Controller’s group).  I’m sure there are other combinations and permutations of these options, but they all still end up doing “testing”.

Geographically dispersed organizations (global footprint) will often use the concept of “Peer testing” to augment lower staffing levels and reduce travel costs.  Here, trained staff will conduct tests of Controls outside their area of responsibility (and outside their normal work duties).  This might be Controller A testing controls in Controller B’s business unit, B testing C’s, etc.

Another approach, with additional costs, is to co-source the testing to a third-party accounting/advisory firm with a local presence overseas.  This method is also employed by some firms for non-financial controls testing (e.g., IT Controls, PCI, etc.) regardless of the location.

For any of these methods of testing, you want a system, like that offered by DoubleCheck™, that provides the capability for designing, scheduling and managing the tests.  It should also include the ability to execute specific test plans, collect and archive appropriate evidence, and share the findings, as appropriate, with management for review. The chosen system should also enhance your capability to follow up after audits and to confirm that agreed-to management actions have been executed.  Finally, not every tester will always be within range of an Internet connection, so be sure that whatever system you use allows for off-line testing with later sync-up capability.

Self-Assessments:

Self-Assessments are the other means many firms use to confirm that Controls are performing to expectations.  This method requires that the organization trusts the Control Owners to police themselves, principally by responding to a set of specific questions designed to determine compliance based on the subject matter knowledge of the control owners.

By their very nature, self-assessments can carry more potential risk than direct testing.  You are asking the person to potentially report a deficiency that they might be blamed for.  It also requires an organizational culture that pushes tasks down the chain of command and encourages delegation and personal responsibility.

That said, some of that risk can be mitigated by requesting documentation support for the responses or doing random testing of some of the Controls after the self-assessment response is received.  Once again, “trust but verify”.

The key advantage of self-assessments vs. direct testing is savings in cost and time.  If you have a system like the DoubleCheck™ GRC & Audit Platform, you have unlimited FREE licenses for self-assessment respondents.  This can add up to a substantial savings in staff, lost productivity (when Peer testing diverts time from normal duties), travel costs and User license fees.  Self-assessments can also be very costly in man-hours if you try to do it just with Word/Excel, using manually-generated email notifications and manual response integration and analysis processes.

One key feature that DoubleCheck™ offers when doing assessments is the ability to perform what are called “Branching Assessments”.  Often when executing a self-assessment, depending on the answer, you may want to ask follow-up questions. For example, if (and only if) a respondent answers “No” to a question for which the preferred answer is “Yes” (e.g., “Is this Control still working?”), the system can ask any number of follow-up questions to help the assessment manager understand that “No” answer.  It can even require an answer in the “Comment” field of the Assessment before the system will allow the response to be submitted.

Many organizations use Self-Assessments to supplement direct testing; others use them for virtually all their SOX Compliance work.  For either approach, you benefit from relying on a platform like ours that provides the capability for designing, scheduling, managing and scoring individual assessments.  Assessments can also be integrated with other risk and compliance data.  Issues or concerns can be forwarded immediately, as needed, or as scheduled, to appropriate individuals for awareness or action. The DoubleCheck™ Assessment Center also ensures that all respondents do in fact respond, or the system will follow up automatically and escalate as appropriate.
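The branching and mandatory-comment rules described above, together with the “trust but verify” random follow-up testing of self-assessment responses, as a small added example (this is illustrative code, not DoubleCheck’s product; the control questions, responses and owner names are constructed for the example):

```python
"""Branching control self-assessment with submission validation.

Added example, not DoubleCheck code.  A control owner answers yes/no questions;
whenever an answer differs from the preferred one, the follow-up questions hung
off that question are asked and a comment becomes mandatory before the response
may be submitted.  All questions and responses below are constructed.
"""
from __future__ import annotations

import random
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Question:
    qid: str
    text: str
    preferred: Optional[str] = None            # expected answer; None = free text
    followups: list[Question] = field(default_factory=list)  # asked when not preferred


@dataclass
class Response:
    answer: str
    comment: str = ""


# Constructed self-assessment for two SOX key controls
ASSESSMENT = [
    Question("C1", "Is this Control still working?", preferred="Yes", followups=[
        Question("C1a", "When did the Control stop working?"),
        Question("C1b", "Is a compensating control in place?", preferred="Yes"),
    ]),
    Question("C2", "Was the reconciliation reviewed by someone other than the preparer?",
             preferred="Yes"),
]

# Constructed responses: one that must be bounced back, one that may be submitted
RESPONSES_INCOMPLETE = {
    "C1": Response("No"),                       # no comment and follow-ups unanswered
    "C2": Response("Yes"),
}
RESPONSES_COMPLETE = {
    "C1": Response("No", comment="Reviewer left the company in March"),
    "C1a": Response("2011-03-15"),
    "C1b": Response("No", comment="Controller is reviewing manually for now"),
    "C2": Response("Yes"),
}


def _branch_taken(q: Question, r: Response) -> bool:
    """A branch is taken only when a preferred answer exists and was not given."""
    return q.preferred is not None and r.answer != q.preferred


def validate(questions: list[Question], responses: dict[str, Response]) -> list[str]:
    """Reasons the submission must be rejected; an empty list means it can be submitted."""
    errors: list[str] = []
    for q in questions:
        r = responses.get(q.qid)
        if r is None or not r.answer.strip():
            errors.append(f"{q.qid}: no answer given")
            continue
        if _branch_taken(q, r):
            if not r.comment.strip():
                errors.append(f"{q.qid}: a comment is required when the answer is not {q.preferred!r}")
            # follow-ups are validated recursively, so branches may nest
            errors.extend(validate(q.followups, responses))
    return errors


def exceptions(questions: list[Question], responses: dict[str, Response]) -> list[str]:
    """Ids of questions (including triggered follow-ups) answered other than preferred."""
    found: list[str] = []
    for q in questions:
        r = responses.get(q.qid)
        if r is not None and _branch_taken(q, r):
            found.append(q.qid)
            found.extend(exceptions(q.followups, responses))
    return found


def sample_for_verification(control_ids: list[str], rate: float, seed: int) -> list[str]:
    """'Trust but verify': reproducible random subset of controls picked for direct testing."""
    if not control_ids:
        return []
    rng = random.Random(seed)                   # seeded so the sample can be re-created for the workpapers
    k = max(1, round(len(control_ids) * rate))
    return sorted(rng.sample(control_ids, k))


if __name__ == "__main__":
    print("incomplete:", validate(ASSESSMENT, RESPONSES_INCOMPLETE))
    print("complete:", validate(ASSESSMENT, RESPONSES_COMPLETE))
    print("exceptions:", exceptions(ASSESSMENT, RESPONSES_COMPLETE))
    print("verify:", sample_for_verification(["C1", "C2", "C3", "C4"], 0.5, seed=7))
```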

So, what is the correct balance between testing and self-assessments of SOX Controls?  That answer will vary company by company, but now you have some of the factors to consider when making that decision.

Best regards,

Paul Fine
Director of Marketing & Business Development

DoubleCheck LLC

770-565-8616

pfine@doublechecksoftware.com
www.doublechecksoftware.com

IT GRC vs. Financial GRC: Which is the Locomotive and which is the Caboose?

I know this seems like a trick question. After all, the “best practices” definition of GRC tells us that there should be no separation between IT GRC and Finance GRC.

And yet, I speak nearly every day with companies that have one of those two departments in charge of a GRC project, with the other department “going along for the ride”. While management purists would like us to believe that every project can be led by a committee of peers with equal votes, the reality we all know says someone has to lead and someone has to follow.

Continuing my headline metaphor, which function is the locomotive and which is the caboose will greatly influence what content and structure will be in the train cars between them (and whether the train will get them where they want to go).

Even key GRC analysts have now published findings that tell us over 80% of GRC engagements are in fact not Enterprise GRC engagements but rather tactical engagements to resolve key problems. For IT GRC, it might be PCI, SoD/Access, Data Privacy, etc. For Financial GRC, it is the usual suspects of SOX, Audit, etc.

However, in most cases, there is sufficient awareness of the concept of GRC at the decision-making/budget sign-off level of the company that the lead department with the budget has to at least appear to include the other side of the floor in the evaluation. Since IT and Finance oftentimes come at this issue from a different point of reference, the “best of class” solution for one may not in fact be the best solution for the overall company.

What you can be left with is exactly what the concept of GRC, from a technology solution standpoint, was supposed to prevent. Niche software solutions suited for one problem/department, but not scalable to others in the organization. The irony of this is that eventually you can wind up with a myriad of individual software tools that IT now has to devote resources to manage and integrate in order to provide necessary information/reports to Senior Management.

So what is the solution to this dilemma? There are two primary approaches that GRC software vendors take to this issue: an integrated platform or a modular platform. An integrated approach includes all components and solution capabilities in a single platform. The modular approach breaks those functions and capabilities into sub-components that you can purchase individually on an as-needed basis.

Here at DoubleCheck™ we believe a platform where all components (governance, risk, compliance, audit) are architecturally integrated into a single system is the approach most consistent with a GRC philosophy. A modular approach can leave you needing, on an ad-hoc basis, an element that lives in a module you don’t yet own, before you can gain management support for the additional expenditure. It can create artificial silos (due to missing features) that negate the intended benefits of a GRC tool.

You can also find yourself in a situation where you think you know what the cost of the system will be, yet see that cost grow exponentially as the realization hits that more modules are needed, with accompanying professional services fees to integrate and train on the new modules.

So, regardless of whether IT or Finance is leading the GRC project, considering an integrated software platform may be the best way to satisfy both groups and avoid a locomotive vs. caboose scenario.

Best regards,

Paul Fine
Director of Marketing & Business Development
DoubleCheck LLC
770-565-8616 (office)
678-360-2851 (cell)
Atlanta, GA
pfine@doublechecksoftware.com
www.doublechecksoftware.com

DoubleCheck™ Announces Availability Of Enhanced Audit Capabilities

June 6, 2011 | Morris Plains, NJ: DoubleCheck™ LLC, a leading provider of enterprise GRC & Audit solutions, today announced the availability of enhanced Audit capabilities as part of the DoubleCheck Solution Suite.

“These capabilities enrich the power of our current audit environment,” said Tim Ihde, Chief Technical Officer, DoubleCheck. “As part of an integrated suite, users can now, with powerful Gantt charting tools, easily visualize their audit program and specific audit plans. Combined with our highly configurable workflows, excellent capabilities in workpaper management and reporting, clients will find DoubleCheck to be an even more compelling solution for their standalone audit or integrated GRC & Audit needs.”

“We are very pleased to add these capabilities to our solution suite,” said Joseph Cincotta, President and CEO of DoubleCheck. “These capabilities will help our clients better visualize their programs. When combined with our well established and rich capabilities and our exceptional customer service, we have raised the bar for GRC & Audit solutions.”


Make May your “catch-up” month…

Whether you are in Audit, SOX or ERM, May can be your “catch-up” month.

May includes some general events (Mother’s Day, Memorial Day) and specific events (e.g., my anniversary).  But from a business schedule standpoint, it is often a relatively quiet month.  For those of you on a calendar FY, you just finished your 1st Qtr. Close and Filings, and hopefully the Audit Committee meetings.  The next SOX testing cycle may not yet have begun and you are still months away from beginning even preliminary planning for 2012.  Even the ERM process is probably on an even keel, barring any incidents.

So, what are you going to do with all that “free time” in May?  Might I suggest you pick up the pace on projects that you have been interested in, but can’t quite seem to get on the front burner yet?  Maybe there have been some new reports you wanted to wring out of the data you have been accumulating in various audits or SOX tests?  Perhaps you want to update the ERM database with some new Assessments?  Maybe it is time to integrate Policy Management with what have previously been siloed activities?

And maybe it is the right time to get serious about re-evaluating the way you do those tasks and the tools you have to do them with?  If you have already made the determination that spreadsheets or legacy automation tools are no longer sufficient for today’s business needs, then May is an excellent month to devote a little time to considering your options. 

If you were planning on looking at some software demos in 2011, do it in May.  If you have already seen some, but need to narrow down to a “short list”, do it in May.  And most importantly, if you have pretty much made up your mind on what you want, plus have an approved budget, don’t delay until the 2nd half of the year to move the purchase through your internal purchasing system.  Why? Because before you know it you are dealing with another Qtr Close, initial planning for 2012 and the chance that previously approved funding gets cut if management gets nervous about the next quarter.

There will always be the crisis of the day, the unexpected request from management and the ongoing pressure of too much to do with too little staff.  But relatively speaking, May is generally a better month to “catch up” than the one preceding it or following it, so don’t let the opportunity pass you by to make the most of it.

Best regards,

Paul Fine
Director of Marketing & Business Development

DoubleCheck LLC

770-565-8616

pfine@doublechecksoftware.com
www.doublechecksoftware.com

OmniCare Selects DoubleCheck™ For Integrated Compliance And Audit Solution

April 18, 2011 | Morris Plains, NJ: DoubleCheck™ LLC, a leading provider of enterprise GRC & Audit solutions, today announced that OmniCare has selected DoubleCheck to implement an integrated GRC & Audit Solution.

DoubleCheck was chosen to improve the efficiency and responsiveness of the GRC & Audit environment, with a solution supporting financial reporting compliance and Internal Audit, including automation of workpaper management on a global basis.

The DoubleCheck solution will replace an existing solution, providing an ability to optimize business processes and better share data and information across several hundred organizations.

Additionally, powerful dashboards and real-time reports will allow management to understand current status and enable timely strategic and operational decision making.

“Using an integrated GRC & Audit approach, with workflows and reporting processes that are configured to OmniCare’s specific needs, will allow OmniCare to assure world-class performance in audit and compliance. We are delighted to add OmniCare to the family of DoubleCheck clients,” said Joseph Cincotta, President and CEO of DoubleCheck.


“The Law of Unintended Consequences”

How many times in your professional or personal life have you taken an action that seemed inconsequential at the time but had far-reaching, unanticipated effects? This phenomenon is sometimes referred to as “The Law of Unintended Consequences”. This month’s DoubleCheck™ Newsletter is going to show you a unique way of mitigating both the likelihood and the impact of this occurring in your organization. It involves using a unique feature of the DoubleCheck™ GRC & Audit Platform we call a “Group View”.

Most automated GRC tools are limited to a single hierarchy format familiar to most of you (Accounts, Processes, Risks, Controls, Tests, Issues, Tasks, etc.). You may not have all these items on your “Tree”, but you are likely limited to seeing the relationships and linkages in this vertical format. IT people will often refer to this as the “parent and child” item relationship. The DoubleCheck™ tool set also includes this traditional view of the data in your system:

What makes the DoubleCheck™ GRC & Audit Platform unique is that with a single click of the mouse you can see not only the “parent and child” relationships of your data, but also the “aunts, uncles, nieces, nephews, etc.”. This data-centric, 360-degree Group View allows you to immediately know what other areas or people could be impacted by an action you take (such as a test of a Control) that might not be apparent in a more traditional tree view of the information:

By being aware of the areas that could be impacted by your actions in advance, you can avoid (or mitigate through pro-active communication), the potential for “unintended consequences”.
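To make the tree view vs. group view distinction concrete, here is an added example (illustrative code, not DoubleCheck’s product) over a constructed set of linked GRC records: the tree view follows parent/child links up and down only, while the group view walks every link in either direction and reports how many hops away each related record and its owner sits.

```python
"""Tree view vs. 360-degree group view over linked GRC records.

Added example, not DoubleCheck code.  Records, owners and links below are
constructed; link tuples run parent -> child (Audit covers Process, Process has
Risks, Risk is addressed by Controls, Control has Tests and Issues).
"""
from collections import defaultdict, deque
from typing import Optional

# record id -> (record type, owner)
RECORDS = {
    "P-Revenue": ("Process", "Controller A"),
    "R-Cutoff": ("Risk", "Risk Mgr"),
    "R-Credit": ("Risk", "Risk Mgr"),
    "C-InvoiceReview": ("Control", "Controller A"),
    "C-CreditLimit": ("Control", "Controller B"),
    "T-InvoiceReview-Q1": ("Test", "Auditor 1"),
    "T-CreditLimit-Q1": ("Test", "Auditor 2"),
    "I-LateApprovals": ("Issue", "Controller A"),
    "A-Revenue-2011": ("Audit", "CAE"),
}

LINKS = [                                     # (parent, child)
    ("A-Revenue-2011", "P-Revenue"),
    ("P-Revenue", "R-Cutoff"),
    ("P-Revenue", "R-Credit"),
    ("R-Cutoff", "C-InvoiceReview"),
    ("R-Credit", "C-CreditLimit"),
    ("C-InvoiceReview", "T-InvoiceReview-Q1"),
    ("C-InvoiceReview", "I-LateApprovals"),
    ("C-CreditLimit", "T-CreditLimit-Q1"),
]


def build_graph(links):
    """Adjacency in both directions so either view can be computed."""
    children, parents = defaultdict(set), defaultdict(set)
    for parent, child in links:
        children[parent].add(child)
        parents[child].add(parent)
    return children, parents


def _closure(start, neighbours):
    """Everything reachable from start by following one direction of links."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in neighbours[node]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def tree_view(links, node):
    """Traditional parent/child view: ancestors above, descendants below."""
    children, parents = build_graph(links)
    return {"ancestors": _closure(node, parents), "descendants": _closure(node, children)}


def group_view(links, node, max_hops: Optional[int] = None):
    """360-degree view: breadth-first over links in both directions; value = hops from node."""
    children, parents = build_graph(links)
    hops, queue = {node: 0}, deque([node])
    while queue:
        cur = queue.popleft()
        if max_hops is not None and hops[cur] >= max_hops:
            continue
        for nxt in children[cur] | parents[cur]:
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops


def beyond_the_tree(links, node):
    """The 'aunts, uncles, nieces, nephews': related records the tree view cannot show."""
    tree = tree_view(links, node)
    return set(group_view(links, node)) - tree["ancestors"] - tree["descendants"] - {node}


def impacted_owners(links, records, node, max_hops):
    """People to notify before acting on `node`, e.g. before running a control test."""
    related = [n for n in group_view(links, node, max_hops) if n != node]
    return sorted({records[n][1] for n in related})


if __name__ == "__main__":
    test_id = "T-InvoiceReview-Q1"
    print("tree view:", tree_view(LINKS, test_id))
    print("group view:", group_view(LINKS, test_id))
    print("only visible in group view:", beyond_the_tree(LINKS, test_id))
    print("owners within 2 hops:", impacted_owners(LINKS, RECORDS, test_id, 2))
```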

By the way, this unique feature works equally well for Audits:

If you would like to learn more about this unique feature and its potential benefits to your organization, just give me a call.

Paul Fine
Director of Marketing & Business Development

DoubleCheck LLC

770-565-8616

pfine@doublechecksoftware.com
www.doublechecksoftware.com

DoubleCheck™ March ’11 Newsletter: Is your fear of migration keeping you frozen in place?

The laws of physics tell us that a body at rest tends to stay at rest.  In the business world, if you stay “at rest”, someone else is going to pass you by.

The question to ask yourself is whether you are happy with the status quo, or just afraid of the effort and risk required to change?  If you are still using an outdated tool set to manage your governance, risk, compliance and audit activities, is it because you are happy with voluminous spreadsheets, or are you in fear of the effort and risk you think it will take to migrate to a more automated platform?

In our experience, one of the key points of resistance to considering a new way of managing GRC & Audit activities is the fear that migration to a new software platform involves major resources (people, dollars and time) and significant re-training of personnel.  These concerns are typically driven by previous experience dealing with enterprise-wide ERP implementations that can take years and millions of dollars to complete.  This is the wrong point of reference, at least as far as we are concerned.

Most GRC & Audit types of implementations, according to leading independent analysts, tend to be tactical in nature at the beginning.  They are intended to address specific needs in certain functions or departments, like SOX Compliance, Testing or Assessments, ERM, Audit Planning, etc.  Even if you are currently using a legacy software tool designed for one of these areas from 5-6 years ago, you might be able to realize efficiency, productivity and even cost savings by migrating to a current generation and scalable GRC & Audit platform.

What typically holds you back from considering this migration?  Fear of the time and effort to make it happen (NOT the base cost).  I’m told it will be “too painful” to retrain everyone, get accustomed to a new interface, etc.  I hear this from companies that not only use legacy systems, they’re using legacy systems that aren’t being supported by the vendor anymore.  What will the pain be like when it finally crashes and no one is there to fix it?

The DoubleCheck™ GRC & Audit Platform Implementation Plan addresses these concerns in a number of positive ways:

  1. We do the bulk importation of your data to configure the software to match your current environment and processes.  No need to allocate an army to “key in” the data manually.
  2. We provide on-site training as necessary to ensure your key people understand the capabilities of the tool.  No need to fly staff to a vendor “university” for training.
  3. Casual Users (e.g., Assessment Takers) can be trained in just a few hours via WebEx.  In fact, if all they do is answer Assessments or Questionnaires, they don’t even need to access the base system.  They are auto-emailed a link to their assigned Assessment and just fill it out.
  4. Total importation of data, system configuration, implementation and training can typically be completed in 30 days.  No pain or lost productivity due to long downtimes or transition periods.

If you have been frozen in place by the fear of migration, give me a call.  Give us an opportunity to alleviate your concerns and assuage your fear.  Let us put you in touch with DoubleCheck™ clients who have made the migration and can attest to the ease our customer support creates.

Let us show you how DoubleCheck™ can deliver:

“GRC & Audit Support the Way YOU Need It”

Best regards,

Paul Fine
Director of Marketing & Business Development

DoubleCheck LLC

770-565-8616

pfine@doublechecksoftware.com
www.doublechecksoftware.com

Feb ’11 Newsletter

Risk: Do you assess it or just audit it?

While this might seem like a simplistic question, the underlying premise is key.  And the question is relevant to not only those with the word “Risk” or “Audit” in their job title, but everyone associated with Risks.

I had an interesting conversation yesterday that illustrated the dichotomy of these two approaches to Risk.  It was with a senior person in the Audit function who was on a committee that was overseeing the acquisition of an ERM tool.  The different approach to Risk the ERM people were taking versus this person’s perspective might as well have been an example from “Women are from Venus; Men are from Mars”.

This person was sharing with me how the ERM folks were seeking a software tool that would have strong analytics and “horsepower” to compute to a high level of certainty the dollar value of each risk.  That way, they thought they could rely upon the Internal Auditors to just audit the appropriate Controls associated with the high value Risks and accurately measure the cost of mitigating the Risk against the “quantified” cost of a potential Risk event itself.

The auditor’s point of view was that this approach would rely too heavily upon algorithms and “black box” computations, giving a false sense of certainty to the quantified output.  Inputting “hard” costs into a Risk equation does not address the “soft” costs that might have an even greater impact when a Risk event occurs.  Just ask BP, Toyota, Deepwater Horizon, etc. about the financial impact of Reputational Risk, for example.

An alternative approach is to do an assessment of risks, gathering information and opinions from a varied constituency (such as the Risk Owner, Subject Matter Experts, Senior Mgmt, etc.).  While you can capture their best estimate of the “hard” cost of an event on a specific risk, you can also capture the important qualitative context of their response, which then gives senior management the ability to understand the assumptions being used.

This will provide a more reliable setting for the scoping of the Risks, similar to AS5 scoping for Key vs. Non-Key controls.  In fact, there should be a correlation between High Risks and Key Controls.  A fully integrated GRC & Audit platform with a strong Assessment engine, such as DoubleCheck™ offers, provides the framework for integrating these seemingly separate activities for all concerned parties.

However, if there is a disconnect between the scoping of Risk (assessment takers) and those who audit the risks and associated controls (auditors), then you have set the stage for “the operation was a success but the patient died”.  The “assessment” of risk is a necessary first step before you can “scope” risk, in my opinion.  And the quantification of a risk is merely a gross estimate to help with scoping key vs. non-key risks; it is not a number you can “take to the bank”.  In fact, if you rely too heavily on the estimate to justify the cost/benefit of not spending on the correct mitigating control, you might find yourself facing the old adage of “an ounce of prevention is worth a pound of cure”.  And the internal auditors (and external auditors too) will be right there to audit, measure and report on the financial impact of your failing to properly assess, scope and mitigate the risk.  Small solace.

For more information about DoubleCheck LLC, please contact:

Mr. Paul Fine
Director of Marketing & Business Development

DoubleCheck LLC

770-565-8616

pfine@doublechecksoftware.com
www.doublechecksoftware.com
