Points Worth Repeating: Best Blogs of 2019 and Tips for 2020

Looking back over our posts from 2019, we found five that deserved a second look. Among the most popular articles published last year, some focus on compliance, others on audits. But they all have information pertinent in 2020, we’ve also added a few tips to make this year more productive for your organization.

Without further introduction, here are the blogs answering your most pressing questions over the last year.

What Happens if My Business is Not PCI-Compliant?

PCI compliance is no longer an option. Failing to meet regulations leaves your organization vulnerable to data breaches which are a real security threat in today’s environment. And the consequences are significant. Your business faces negative publicity, as well as some hefty fines and other consequences if you are found to be out of compliance during your annual PCI-arranged audit.

Fines could be levied even outside of the audit period if you have a data breach due to non-compliance, and it compromises the financial and personal data of your customers. These fines are often passed on from the payment processor or credit card company which is penalized. PCI non-compliance can be costly, based on how long it takes to become compliant.

• $5,000 to $10,000 per month for the first three months following the incident.
• $25,000 to $50,000 per month for the second three months following the incident.
• $50,000 to $100,000 per month beginning in the seventh month after the incident.

At these rates, it doesn’t take long to have the fines add up. In case of a data breach, the applicable fines range from $50 to $90 per compromised cardholder.

Tips for 2020

• Take the PCI-DSS: Self-assessment Questionnaire to analyze what areas your company needs to improve on to become PCI-Compliant.
• Ensure that your service providers are PCI compliant.
• Have a third-party perform an audit to verify your company’s continued compliance.
• Integrate controls and training programs to keep employees compliant going forward.
• Get informed about changes to PCI DSS which are expected to be released in 2020.

How Can an Internal Audit Help My Business?

An internal audit builds a snapshot of your company to evaluate performance and recommend ways to manage risk. From the audit, organizations can develop strategies to prosper in a competitive environment. A third-party auditor would perform the following:

1. Evaluate a company’s compliance with state and federal regulations and laws.
2. Analyze and assess risks and controls.
3. Review findings and make recommendations.

In today’s rapidly changing environment, it is essential that companies understand how to navigate the economic environment. A neutral third-party provides the best avenue to identify weaknesses so improvements can be initiated.

Read the full article: How Do Internal Audits Work?

Tips for 2020

• Find an internal auditor whom you trust.
• Identify ways to improve business operations and efficiency.
• Develop strategies to ensure growth and prepare for disaster recovery.
• Set a schedule for regular auditing period that fits the needs and operations of your business.

Can an Organizational Readiness Assessment Benefit My Business?

In 2020, more and more businesses are faced with how to begin a digital transformation. To survive, they must decide when, not if, to start the process. An organizational readiness assessment is one place to start. A readiness assessment measures how prepared your business is to undergo a major change or start a new, substantial project.

Using the information from the readiness assessment, a company can create a roadmap to achieve a move to digital. An assessment can pinpoint:

1. Available and over-extended company resources,
2. Employee attributes for change,
3. Areas of improvement to ensure change succeeds,

Once this information is gathered, your business can move forward and build a successful strategy with confidence.

Read the full article: Why Organizational Readiness Assessments are Important.

Tips for 2020

• Schedule an organizational readiness assessment.
• Develop a digital transformation strategy to meet the business growth goals set in the short and long-term.

Does My Business Really Need a SOC Audit?

A service organization has certain responsibilities to its clients in areas such as finance, organization, and security. One of your clients may request a SOC audit, or you may have decided to have an audit without a request. Today, there are four SOC audits:

1. SOC 1 (SSAE 18) audit looks at anything relevant to an audit of financial statements.
2. SOC 2 audit focuses on the controls related to security, processing integrity, confidentiality, and privacy.
3. SOC 3 audit addresses a specific area covered under SOC 1 or 2, but with less intensity.
4. SOC for Cybersecurity evaluates an organization’s controls for cybersecurity and associated risk.

Requesting a SOC audit is one way for companies to perform their due diligence when looking to work with a service organization.

Read the full article: How to Prepare for a SOC 2 Audit and How to Prepare for a smooth SOC 1 Audit.

Tips for 2020

• Standardize financial reporting procedures.
• Look for ways to strengthen and update your company’s cybersecurity measures.

Should My Company be Concerned with HITRUST CSF v9.3?

HITRUST CSF v9.3 incorporates requirements from the California Consumer Privacy Act 1798 that will go into effect on June 1, 2020. It also addresses South Carolina’s 4655 Bill on insurance data security and the NIST Special Publication 800-171 R2. Several updates were made to existing standards, such as:

• Trusted Services Criteria 2017 issued by the AICPA Assurance Services Executive Committee,
• CIS CSC v7.1 from the Center for Internet Security, Inc.,
• ISO 27799:2016 Health informatics – Information security management in health using ISO/IEC.

Organizations must be current with the newest standards and need to perform the right remediation to their policies, procedures, and controls to remain in compliance.

Read the full article: What to Know About the New HITRUST CSF v9.3: Effective January 1, 2020.

Tips for 2020

• Review HITRUST CSF v9.3.
• Perform an audit to ensure your company is in compliance with this updated version.

There’s a lot to think about as we look ahead in this new year and new decade. Whether it is preparing for a digital transformation or complying with PCI-DSS, you will be making decisions that will impact your company for years. I.S. Partners, LLC. helps organizations understand how to manage risk and evaluate their business operations. We can bring valuable clarity and perspective to the table related to assessments, standards, and regulations.

Whatever your business needs, we have a team of experienced professionals ready to guide your organization through the process. Fill out our contact form to receive a quote for services.

About The Author

John DeCesare

John has over 22 years of experience working in the manufacturing, distribution, not-for-profit, governmental, insurance, public utilities and service industries. John has expertise in various aspects of the accounting, auditing and consulting disciplines. He has directed a full range of value-added services and has consulted to Senior Executives in middle market and Fortune 500 companies. His experience includes Sarbanes-Oxley compliance, SOC 1 audits, outsourcing and contract services, financial management, accounting and strategic planning, due diligence, business restructuring / re-engineering, process improvement and risk assessment.