Compliance Assessments and Attestations

We provide a range of compliance assessments covering many topics and regulations. The AICPA's AT 601 Compliance Attestation standard (since superseded by AT-C Section 315 under SSAE No. 18) allows a CPA firm such as ML&F to attest to an entity's compliance with the requirements of specified laws, regulations, rules, contracts, or grants, or to the effectiveness of the entity's internal control over compliance with those requirements. The compliance requirements may be financial or nonfinancial in nature. These engagements can be structured for private or internal use, or for reporting to parties outside the entity.

These services can also be performed in a preparatory capacity, to help the entity benchmark its current performance before an official attestation or audit. A preparation or readiness engagement takes the form of an assessment rather than an attestation: it identifies gaps and produces recommendations, but it does not result in an attestation report.

A compliance attestation, by contrast, is a formal examination engagement treated at the same level of rigor as a financial audit. The same type and depth of testing is used to determine whether the entity has complied, and is presently complying, with a regulation or group of regulations.

ML&F performs assessments of internal controls (including IT controls) against specific regulatory standards and frameworks. The following is a partial list of statutes, rules, and frameworks that can serve as the basis for an assessment:

  • The Gramm-Leach-Bliley Act (GLBA)
  • The Fair Credit Reporting Act (FCRA)
  • The Truth in Lending Act (TILA)
  • The Real Estate Settlement Procedures Act (RESPA)
  • Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list screening requirements
  • The Federal Trade Commission (FTC) Standards for Safeguarding Customer Information (the Safeguards Rule)
  • The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) requirements
  • The Sarbanes-Oxley Act, Section 404 (SOX 404) internal control over financial reporting
  • NIST SP 800-53 security and privacy controls in support of the Federal Information Security Management Act (FISMA)
  • Securities and Exchange Commission (SEC) rules on custody of funds and securities by investment advisers (Rule 206(4)-2, the Custody Rule)
  • The Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules
  • Loan servicing requirements (such as those imposed by Fannie Mae and Freddie Mac)