Compliance Attestation

Compliance Attestation engagement examines an organization’s compliance with specified requirements or a written assertion thereon. AT Section 601 / Compliance Attestation Engagements of the AICPA’s Statement on Standards, provides guidance for engagements related to either (1) an organization’s compliance with requirements of specific laws, regulations or rules or (2) the effectiveness that an organization’s internal controls comply with specific requirements.

Roosa CPA, LLC performs compliance attestations on IT and operational controls using the following frameworks and regulatory requirements:

• Drug Enforcement Administration (DEA) 1311.120 Electronic Prescriptions for Controlled Substances
• Gramm Leach Bliley Act (GLB), also known as the Financial Services Modernization Act
• Health Information Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Sarbanes-Oxley Act (SOX)
• Various state laws and regulations

Who Should Consider a Compliance Attestation?

• Organizations that need to comply with a particular regulatory requirement.
• Organizations that seek to benchmark its operations or segment of its business against control frameworks mandated by regulatory requirements.
• Organizations that their customers are requiring a compliance audit report that contains an independent CPA’s opinion that addresses their compliance with the requirements of specific law, regulation or governing body’s rules. This is the primary difference from an Agreed-Upon Procedures Engagement which does not provide an opinion.

For More Information Speak to an Independent CPA at Roosa CPA, LLC (877) 410-8516