Our consulting engagement is designed to prepare you for the inevitable day the SEC comes knocking, driven by our experienced vCISOs, who’ve been in the boardroom through real audits.
As cybersecurity continues to evolve and hackers become more and more sophisticated, the SEC Office of Compliance Inspections and Examinations (OCIE) has prioritized evaluating funds, specifically against the areas of risk cited in multiple Risk Alerts the regulator has released since 2014. “Never before examined” (NBE) funds are at the greatest risk of being audited, with those firms that haven’t been examined in the last five to seven years coming in a close second. We say, “it’s not a matter of if, but when,” when it comes to being breached, and the same holds true for being audited by the SEC – it’s not if, but when. Agio’s SEC Cybersecurity Mock Audit is here to prepare you for when that day comes.
We begin your mock audit with in-depth reviews of your current documentation, helping us get up to speed with what cybersecurity measures you already have in place.
Over the course of one to two days we evaluate the policies, procedures, workflows, and required privacy/opt-out notices to identify areas where your firm may be deficient, and helping prepare your senior management to respond to an actual audit.
Before we begin the on-site mock audit, you identify the players on your side of the table. For most clients this is your CTO/IT Director, COO, CFO, HR, General Counsel, Investor Relations, and internal and/or outsourced IT team.
Your resulting report includes meaningful recommended corrective actions, mapped to each control, so your firm walks away with a remediation plan and the ability to demonstrate compliance with the required safeguards.
Our SEC Cybersecurity Mock Audit saves you time, energy, and resources because we review the elements of each risk alert and each piece of regulation, consolidate those requirements, and cross-map them – all so you don’t have to. Your assigned Agio Assessor is also a seasoned vCISO, comfortable dealing with your board, your C-suite, your investors, and yes – even the real SEC. Plus, by going through this process now, you’ll have the time to prepare your firm and develop your artifacts, reducing your effort, cost (and stress level) when you receive the notice of an actual exam. Remember, it’s not a matter of if, but when the SEC comes knocking – so when you’re ready to prepare, call us.