Our CPA firm is not considered a service organization as defined by Statement on Standards for Attestation Engagements (SSAE) No. 16. Therefore, we do not have that type of audit completed. However, we do ensure that any of our vendors are compliant. The vendors we use are DropBox and FilesAnywhere.
As part of our hiring procedures, we perform a comprehensive background check of all applicants. Those background checks are performed by an independent agency, Infolink Screening Services, Inc.
* * * * *
Thank you for allowing us to serve your auditing needs. We value your business and are committed to protecting your privacy and that of your members. We hope you view our firm as your most trusted provider of auditing services, and we will work to continue earning your trust.
All work papers related to your engagement are stored electronically at our secured intranet site in compliance with state accountancy laws. We keep a detailed log of all electronic files stored at the secured intranet site. While we try to minimize the amount of paper generated in your engagement, that is not entirely possible. All files containing paper documents are stored in highly secured storage facilities in Marina del Rey and Corona, California. After the retention period prescribed by state accountancy laws, all audit documentation is shredded by a reputable firm. The storage boxes are picked up and loaded in the presence of a Richards & Associates, CPAs representative.
All client data in electronic format is stored on Dropbox and FilesAnywhere. Please visit the links listed above for the specifics of each site. We do not store any client supplied information on company computers. Richards & Associates, CPAs employees place a high priority on security and prohibited from permanently storing any client supplied information on their computers. This policy is enforced with periodic spot checks, and disciplinary action for any willful violations.
Richards & Associates, CPAs partners with another accounting firm for the clerical aspect of the preparation of audited financial statements. That other accounting firm assists us with the preparation of your financial statements using information posted to the NCUA or ASI websites (call reports). In addition to that publicly disclosed information obtained from the NCUA or ASI website, we provide the firm with some supplementary financial information. Under no circumstances is any member-related information shared with this firm. Transmission of general financial information is shared via our secured intranet site, using SSL encryption technology.
With the exception of the partnership mentioned above, Richards & Associates, CPAs does not share any information with other parties. However, we are required to submit certain financial reports directly to some regulatory agencies. Those reports are sent via common carriers, mostly using United Parcel Service (UPS). This allows us to track packages sent to regulatory agencies.
If electronic files are sent to any parties, it is done through our secured intranet site using SSL security to encrypt those files.
Because of the nature of our business, it is not practical for auditors to store their computers in a centralized office. We do require auditors to keep their computers in their personal possession at all times and not to leave equipment unattended. As mentioned earlier, no client related data is to be stored on company computers. If a computer were to be stolen or misplaced, that employees membership to the secured intranet site would be immediately cancelled, protecting all sensitive information.
All of Richards & Associates, CPAs employees are required to use a password to access their company computers. The computers are programmed to go into the stand-by mode after ten minutes of inactivity, requiring that password to resume activity.
As mentioned previously, all client-related information is stored on Dropbox and FilesAnywhere. We believe their password protected system prevents any unauthorized access through online connections. Richards & Associates, CPAs, employees are prohibited from storing any client related information on their company computers. Furthermore Richards & Associates, CPAs employees are not allowed to have their company computer remember passwords into the secured intranet site. Therefore the correct ID and password is necessary each time the secured intranet site is accessed. This would prevent a breach of security through unauthorized access via online connections.