Governance, Risk & Compliance

Keeping track of regulations and mitigating their potential cost to your business is an ongoing challenge. Risk is a four-letter word, and you want to minimize it at every turn. Still, you want your business to progress.

Long & Associates understands the nature of the regulated business environment and can help you manage the continuous uncertainty. We offer a wide variety of risk-management services, including those associated with I.T. back-office functions that can leave you vulnerable. Our services include Service Organization Control (SOC) reporting, SOX/JSOX compliance, total-quality management, internal audit and other business-advisory functions.

Internal Audit
Our goal in conducting internal audits is to add value to your organization and improve your operations. We combine our experience and working knowledge of risk management, processes and governance structures to help you achieve your company’s goals and safeguard your assets. L&A’s internal audit services extend to:

  • Internal control reviews
  • Internal control documentation and testing
  • Risk assessments – entity level and process level
  • Internal audit outsourcing and co-sourcing

Information Technology Audit
The IT world moves at an astounding pace and you need the processes and controls that can keep up with both risks and opportunities. L&A will work with you first to define the scope of your IT audit and then proceed with the functions you need to align your IT resources with your business goals.

IT audit
Managing your risks and remaining in legal compliance depend in large part on how accurate and secure your data platforms are, which requires that your IT infrastructure be sound and aligned with your company’s strategic goals. We first gain a financial-based perspective on your technical processes, mining and monitoring your data in order to provide extensive IT audit and security services. We help you ascertain the integrity of your internal IT functions and assess risks with analyses and other activities to help ensure the reliability of your systems.

Controls automation
To remain competitive, businesses continue to automate their processes and upgrade their legacy systems. Automating controls is part of this dynamic. When you’ve decided that a certain portion of your process controls should be automated, L&A can help you implement effective strategies that ensure consistency and reliability.

SSAE-16 / SOC reporting
For service organizations that have an effect on clients’ financial statements, Service Organization Controls (SOC) reports are becoming increasingly important. Long & Associates excels in helping you meet your customers’ requests for this compliance, or in helping you obtain these reports as a means of providing extra assurance behind your work. From preparing your first SSAE-16 audit, to helping you transition from the SAS 70 environment, to providing full Type I or II SSAE-16 reports, we pride ourselves on creating high-quality, customized reports for your business.

Sarbanes-Oxley governance
The Sarbanes–Oxley Act of 2002 (commonly known as SOX) established new and enhanced standards for all U.S. public company boards, management and public accounting firms following a series of large corporate frauds and scandals.

SOX readiness & compliance
Sarbanes-Oxley (Section 404) specifically requires management to assess the effectiveness of a company’s internal controls over financial reporting. The SOX-compliance expertise Long & Associates will bring to your firm encompasses:

  • Project planning and management
  • Key control optimization
  • Documentation and testing
  • Controls remediation

JSOX readiness & compliance
Japan’s introduction of its internal control and financial reporting mandates – commonly referred to as J-SOX – means that Japanese companies and their subsidiaries in the U.S. and abroad are being held accountable in new ways. Through membership in The Japan-America Society of Georgia (JASG), L&A is committed to serving the needs of Japanese U.S. subsidiary companies in and around Georgia. Our compliance services extend to J-SOX compliance as well, including:

  • Project planning and management
  • Key controls optimization
  • Documentation, testing and controls remediation
  • Information technology support

Among our other governance, risk & compliance services:

Information safeguarding

Long & Associates can help you meet standards and adopt measures to reduce the risks associated with external regulatory factors. Two common examples today are the new technologies for credit card security that mandate new PCI DSS compliance requirements, and the complex rules tied to the Health Insurance Portability and Accountability Act (HIPAA) that protect patient health records. Let us make them less formidable.

SOC 1, 2, and 3 examinations

Long & Associates understands the service organization control (SOC) reporting process, and we can collaborate with you to help you meet your reporting and regulatory obligations. In addition to simple reporting, we provide insights relevant to internal controls, procedures, data and process management, monitoring and risk management. We can help you select the right SOC report option, such as SOC 1, SOC 2, or SOC 3, based on your needs and the expectations of your customers and prospects.