Sarbanes-Oxley Internal Audit
Stinnett & Associates provides a variety of services that are tailored to meet the unique needs of our clients. Our framework is based upon the Control Objectives for Information and related Technology (COBIT) controls that were created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992. We provide such services as:
- Project Initiation and Planning
- Risk Assessment of Control Designs
- Operating Evaluation of Key Controls
- Observations & Recommendations
- Remediation
- Evaluation of Remediation
- On-going Internal Control Monitoring
Internal Audit
For Information Technology Internal Audit to be effective, Stinnett & Associates takes a team approach. Working with our clients to understand their environment, we can run parallel testing, application audits, infrastructure audits, or provide a total outsourced solution. We provide such services as:
- Outsource IT Internal Audit
- Application Audits
- Parallel Testing for Application Migrations
- Infrastructure Audits
  - Logical and Physical Security
  - Database
  - Data Management
  - Network
HIPAA IT Audit
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. At Stinnett & Associates, we work with clients to help understand and mitigate risk associated with HIPAA regulations. We provide such services as:
- Defining the privacy applications and IT processes
- Developing privacy questionnaires and conducting interviews
- Developing a HIPAA risk assessment based upon industry standards
- Evaluating the Probability of the Risk Occurring
- Defining a Risk Mitigation Plan for each Risk
- Determining a Risk Owner
Security Access Reviews
Understanding and tracking security access risks can be a daunting task in many environments. Yet, at Stinnett & Associates we believe that a strong plan for security access reviews and management is essential to mitigating risk. We are able to help our clients develop an initial plan, or review an existing plan and make recommendations. We provide such services as:
- Defining the applications for the Security Access Review
- Utilizing automated tools to extract Security Access Information
- Obtaining Human Resource Termination Reports
- Creating a Security Access Matrix
- Developing a Security Access Evaluation Plan
Software Evaluations
Finding the right software, at the right time, at the right price is a challenge in most environments. At Stinnett & Associates, we help our clients through an entire software evaluation project or assist with a specific subtask. If you are looking for functionality, technical architecture, or if you are simply trying to understand the total cost of ownership (including on-going operational and maintenance costs), Stinnett & Associates is primed to assist. We provide such services as:
- Define Business and System Requirements
- Evaluation of Software Solutions
- Request for Proposal (RFP) Processes
- Development of a Solutions Matrix
- Cost / Benefit Analysis of Software Solutions
Risk Management
We’ve all had experiences with an unwanted computer virus or unexpected hardware outage. At Stinnett & Associates, we believe that understanding the potential risks in the Information Technology areas of an enterprise is essential. Development of a strong risk management program starts with a clear understanding of the primary risks and mapping the key risks across organizational structures. We provide such services as:
- Defining the privacy applications and IT processes
- Developing privacy questionnaires and conducting interviews
- Developing a HIPAA risk assessment based upon industry standards
- Evaluating the Probability of the Risk Occurring
- Defining a Risk Mitigation Plan for each Risk
- Determining a Risk Owner
Project Management
For clients that have a developed Project Management methodology, we are able to easily work within the client structure. For other clients, Stinnett & Associates is able to draw upon our project management expertise to provide a solution. In each project, we clearly define the scope which includes the expected business requirements, system requirements, technical architecture plan, risk assessment, budget information, and expected deliverables. Communication is key! Our clients recognize us for our communications efforts in engagements, which we believe contributes to our success. We provide such services as:
- Creating a Project Charter
- Scope Definition
- On-going Project Management
- Project Schedule / Project Plan Management
- Communications
Project Management Office
Stinnett & Associates is able to draw upon our project management expertise to assist clients in developing an internal Project Management Office (PMO). Having standard approaches to project management can result in operational efficiencies and can help to mitigate risks. Working together, we will develop a methodology that can be reused enterprise-wide. We provide such services as:
- Define the Project Management Office Charter
- Define an Organizational Model Matrix
- Develop Project Management Methodology
- Define Roles and Responsibilities
- Establish Prioritization Review Board and Process
- Establish Project Management Documentation Repository
- Develop Project Management Documentation Templates