Banking and Financial Services


Healthcare and Insurance


High Technology and Manufacturing

Service Companies

Information Request

Contact Us

Service Companies

Companies that provide services or act as third party providers for publicly traded companies or regulated financial institutions have additional compliance responsibilities to fulfill. We can help you with these compliance responsibilities, and save you money when the SAS 70 review is performed.

Regulated financial institutions must provide reasonable assurances that they monitor the technical service providers they use, in accordance with FFIEC guidance and ensure that all service providers:
Are subject to an annual risk assessment process that identifies the business risks of using the particular service providers for business functions, including Privacy risks, when required.
Were selected based on sufficient due diligence and review of the service provider.
Have agreed to contractual metrics and procedures that have been reviewed by management and the legal department.
Are monitored on an annual basis to ensure they achieve the contracted service levels.
For Sarbanes-Oxley compliance and other compliance requirements, public companies must obtain assurances from their service providers that they have internal controls that are adequate in scope, sufficiently mitigate business risks, and that these controls are in place, functioning and can be relied upon. Typically these assurances are provided to the public company when the service provider has a Type II, SAS 70 (Statement of Auditing Standards) report.

FDC Associates can assist service providers by using our "Fast Track" pre-assessment program for internal controls. The "Fast Track" program provides management with an assessment of which of their internal controls are adequate and where they will need additional procedures or documentation of procedures to obtain a "clean" or "unqualified" opinion from the firm that performs the SAS 70 auditing.

We specialize in providing high-complexity technology audits, such as:

Internet Penetration Testing
Network Security and Vulnerability Reviews
Server and Database Security Reviews
Active Directory and Application Security Reviews
Service Provider and User Control Considerations
Sarbanes-Oxley Technology Reviews
IT General Control Reviews

For more information on how FDC Associates can be Your Partner for IT Audit and Governance Solutions, complete an Information Request or Contact Us.