Compliance Assessments and Attestations

The AICPA’s AT 601 Compliance Attestation Standard allows a CPA firm, such as Morice & Layton, to attest to an entity’s compliance with the requirements of specified laws, regulations, rules, contracts, or grants, or to the effectiveness of an entity’s internal control over compliance with specified requirements. The compliance requirements may be either financial or nonfinancial in nature.

Morice & Layton performs assessments of internal controls (including IT controls) based on specific regulatory standards and frameworks. The following is a partial list of regulatory statutes that can be used as a basis for assessment:

  • The Gramm-Leach-Bliley Act (GLBA)
  • The Fair Credit Reporting Act (FCRA)
  • The Truth in Lending Act (TILA)
  • The Real Estate Settlement Procedures Act (RESPA)
  • OFAC SDN Search Requirements
  • The Federal Trade Commission (FTC) Standards for Safeguarding Customer Information
  • The North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Requirements
  • The Sarbanes-Oxley Act (SOX) Compliance
  • NIST 800-53 Controls in Support of the Federal Information Security Management Act (FISMA)
  • Securities and Exchange Commission (SEC) Custody of Funds by Investment Advisers Rules
  • The Health Information Portability and Accountability Act (HIPAA) Security and Privacy Rules
  • Loan Servicing Requirements (such as those required by Fannie Mae and Freddie Mac)