Risk Assurance

Compared to other accounting firms, Frost is an entrepreneurial organization focused on identifying new and creative ways to deliver value to our clients. Here are some of the specialized services we provide:


This is an audit of control activities including transaction processing and systems for organizations which host or process data belonging to their customers. Our auditors and risk assurance team design tests of controls tailored to your organization. To go directly to our SSAE site, click the following link: www.frostssae16.com.

Security Auditing & Network Penetration Testing

Targeted network attacks are occuring at an elevated rate and on a daily basis. These attacks are created and customized by individuals for the sole purpose of aggressively penetrating and exploiting vulnerabilities in your organization’s network with the ultimate objective of obtaining your sensitive data.

Frost, PLLC’s network security audits and penetration testing identify vulnerabilities and threats to your network and sensitive data. The following is a brief overview of our procedures.

Phase 1: People – Social engineering tests (phishing emails, malware, manipulation, etc).
Frost, PLLC is given the company name, contact info and very little else, only enough to ensure Frost has the correct target. Using open source resources, such as open databases and directories Frost tries to find enough information to attack the network. This is a purely black-box* style test, where the attacker is an outsider with very little inside information.

Phase 2: Technology – Outside footprint (routers, servers, hosted structure, etc).
This is a hybrid approach, where the attacker has some inside knowledge but is not an insider. In this phase Frost would ask some architecture questions and other information that could be used against the network.

Phase 3: Technology – Inside footprint (workstations, file servers, printers, phone systems, etc).
The technology phase is a white-box** test. Phase 3 simulates an insider, with direct knowledge of the environment and company operations. This phase can be carried out in a number of ways, including provisioning a limited user account that the penetration testing team would try to escalate to administration rights or take information that normally could not be accessed by outsiders.

These phases are progressive and if the systems are compromised in phase 1 then there is no need for the penetration testing team to ask for more information to use to break in with a phase 2 or 3 test.

*Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings.

**White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality.

Fraud Detection

If your company has a fraud occur, our forensic accountants can assist you in quantifying the fraud and designing processes to prevent future frauds. We also have a litigation support team that can serve as expert witnesses should you choose to prosecute.

Fraud Prevention

Internal controls can be costly to implement, but not employing them can be more costly if a fraud occurs. Our experienced team of forensic accountants can evaluate your processes and policies to assist you in developing internal controls based on assessed levels of fraud risk. We can also train your accountants to identify fraud indicators to prevent fraud before it occurs.

Technology Risk

Our Risk Assurance team offers a wide-range of technology risk management services designed to provide successful evaluation, review, monitoring and maintenance of your systems with minimal disruption to your daily operations.

Business Process Assessment

As your company grows and needs change, your processes should grow too. We can assist you in evaluating your current processes, to ensure your businesses goals and objectives are being met as effectively and efficiently as possible.

Data Analysis

Powerful tools, combined with years of analysis and audit experience, provide you with valuable insight for strategic and critical business thinking. Our team is comprised of IDEA experts, accountants and IT auditors who can help you identify what you need whether you’re looking for lost revenue or expanding the skills of your own audit department.

Internal Audit Risk Assessment and Audit Planning

An effective internal audit function begins with understanding your company’s greatest risks and opportunities. Our risk assurance team will create a risk profile which will serve as a base for developing an audit plan and allow management to control risks to achieve the organization’s goals and objectives. Our team can assist your company in establishing an internal audit function, manage a current internal audit function, or perform specific internal audit tests.

Agreed-Upon Procedures

If a complete SSAE 16 audit is not required, and you want a specific group of accounts, procedures or controls evaluated or reviewed, an ‘Agreed-Upon Procedures’ engagement may fit your needs. This can involve reviewing accounts, procedures or controls to evaluate their effectiveness or accuracy. Agreed-upon procedures engagements follow the process that you dictate. We add our auditing, accounting and risk services knowledge when needed to advise you on a specific or finite course of action.

Frost, PLLC SSAE 16

Comments are closed.