The Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a set of security guidance that Exchanges must use in implementing and operating their IR systems in support of the Patient Protection and Affordable Care Act of 2010 (ACA). It is designed to ensure secure handing of Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI) of US Citizens. MARS-E is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. Entities that provide information systems to agencies must prove they meet MARS-E through an annual assessment.
The Sarbanes-Oxley Act (SOX) created an accounting and compliance framework to which public companies must adhere. We have a full suite of SOX solutions for both accelerated and non-accelerated filers. Our approach incorporates the top-down, risk-based approach.
An Agreed-Upon-Procedures (AUP) engagement is one in which a licensed CPA firm is engaged by a client to issue a report of findings based on specific procedures performed on a specific subject matter. The user takes responsibility for the adequacy of the procedures. In this engagement, the accountant does not express an opinion or negative assurance. Instead, the report should be in the form of procedures and findings.