INFORM Applications, Inc., an application
service provider specializing in Insurance
and Risk Management Information Systems (RMIS)
software, is pleased to announce that it has
recently completed a service auditor’s
review, commonly known as a SAS 70 audit, of
its INFORM solutions. The audit was
performed by a nationally recognized
independent auditing firm, and was completed
in January 2008. Included in the scope
of the audit were INFORM’s data input and
validation controls. The general
controls that support these activities were
also examined.
SAS 70 is an acronym for the American
Institute of Certified Public Accountants
(AICPA) Statement on Auditing Standard (SAS)
No. 70, titled “Reports on the Processing of
Transactions by Service Organizations”.
SAS No. 70 defines the professional
standards used by a service auditor to
assess the internal controls of a service
organization and issue a service auditor’s
report.
In order to complete the audit, INFORM
management developed control objectives for
the significant areas of internal control
that support the INFORM solutions. The
control objectives in the 2008 report
addressed each of the following areas:
·
Control Environment
·
Physical Security
·
Environmental Protection
·
Computer Operations
·
Information Security
·
Application Change Control
·
Data Communications
·
Data Input and Validation
INFORM’s service auditor performed extensive
testing of the control activities that have
been implemented by INFORM to help ensure
that our control objectives are met.
The service auditor’s testing allowed the
service auditor to opine on the following:
·
Whether the description of the controls
prepared by INFORM presents fairly, in all
material respects, the relevant aspects of
the INFORM’s controls that had been placed
in operation as of January 17, 2008;
·
Whether the controls were suitably designed
to provide reasonable assurance that the
specified control objectives would be
achieved if those controls were complied
with satisfactorily.
Following this rigorous examination, the
auditing firm was able to issue an
unqualified opinion regarding each of the
areas described above.
INFORM management recognizes that
Sarbanes-Oxley legislation has placed an
increased focus on the internal controls of
valued business partners. The SAS 70
audit report is designed to provide clients
with a certain level of assurance regarding
the controls that are maintained by INFORM
management. The SAS 70 report
addresses all five components of internal
control outlined in the Sarbanes-Oxley
legislation, namely the control environment,
risk assessment activities, control
activities, information and communication
systems, and monitoring activities.
The structure of our report is intuitive and
is designed to be incorporated well with our
clients’ Sarbanes-Oxley compliance programs.
Furthermore, INFORM’s management understands
the ever increasing importance of corporate
governance, as well as the impact of the
organization’s services on our clients’
system of internal controls. The
successful completion of the 2008 SAS 70
audit is only part of INFORM’s continued
commitment to maintaining a high level of
internal control. INFORM has engaged
its service auditor to a long-term contract
whereby INFORM will undergo a Type 2 audit
on an annual basis.
ABOUT INFORM
INFORM has been servicing clients for 27
years as an ASP solution provider. INFORM
provides top quality data consolidation
services to online reporting and online data
maintenance services to our clients in both
prepackaged and custom systems. INFORM
specializes in meeting client specific
requirements in a highly responsive manner.
From our inception INFORM has helped its
clients with cost of risk allocations and
benchmarking report tools to measure and
tracking risk management program
performance.
Please contact Alan Josefsek, President, to
obtain further information regarding
INFORM’s SAS
70 audit.
