Having served many household name brands, Sunera professionals have an extensive and significant understanding of the Retail Industry. Our industry experience runs across our entire range of service offerings and has been shown to drastically reduce the overall cost of compliance. Specifically, we have provided multiple solutions to our clients in the areas of internal audit, IT audit, Sarbanes-Oxley, information security, PCI compliance, data privacy, network infrastructure, business continuity, disaster recovery, SAP GRC, and business and technology advisory.
PCI Compliance
Sunera provides a full array of Payment Card Industry (PCI) consulting services designed to help both merchants and service providers achieve a cost-effective solution to meet their specific payment card brand and level compliance requirements. Sunera is a PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). Our professionals have served all levels of merchants and service providers across a broad spectrum of retail sectors.
Sunera’s PCI compliance services include:
- Annual Onsite Audit
- Gap Analysis
- Penetration Testing
- Quarterly External Scanning
- Remediation Assistance
- Roadmap to Compliance
- Self Assessment Questionnaire Completion
- Web & Application Code Reviews
Information Security
In the Retail Industry, a company’s brand means everything. An information security breach that disrupts company operations or compromises customer or employee data can be devastating from both a financial and reputational perspective. Sunera’s Information Security Services can provide retailers with comprehensive security testing assessments and remediation assistance to identify and repair any threats or weaknesses within the company’s infrastructure or its applications. Sunera’s Information Security Consultants are Certified Information Systems Security Professionals (CISSP) and have delivered services to several large retailers.
Sunera’s Information Security services meet the very specific business, technology and compliance needs of the Retail Industry.
Our testing and assessment services include the following:
- Vulnerability & Wireless
- Penetration Testing & Web Application Security
- PCI Compliance Audit & ASV Scanning
- Physical Security & Social Engineering
IT Audit
Using our depth of IT auditing in the Retail Industry, we have created an efficient approach to performing our procedures within this environment. The Retail Industry demands pragmatic solutions to address its IT risk areas, such as reliance on third parties, ERP controls, point-of-sale (POS) systems, and security of customer information. Our resources are experienced with this industry and focus our efforts on these specific areas of risk to reduce costs and improve quality.
Our typical IT audit projects include:
- IT Audit for Sarbanes-Oxley Compliance
- ERP Quality Assurance
- Pre and Post Integration Reviews
- Application Security & Control Audits
- IT Governance Reviews
- Information Security Assessments
- Internal & External Vulnerability Testing
- Web Application Testing
Continuous Monitoring
Sunera offers a variety of continuous monitoring programs that have been developed by our experts and implemented at our best retail clients, not only to provide effective controls monitoring but also to help achieve cost savings. We utilize the ACL software tool (www.acl.com) to interrogate large amounts of transactional data and develop custom scripts to meet our clients’ program needs. Each program has been tested and proven to provide accurate results.
Continuous Monitoring Programs
- Payroll / Minimum Wage – We can extract hours and pay rate information by location, compare this data to minimum wage laws by state/city, and determine where our client is over- and underpaying. We are able to analyze the data and determine where pay rates vary outside of normal amounts for certain wage categories and where the company is incorrectly supplementing pay for inaccurate tip reporting, as well as paying minimum wage levels for staff less than 18 years old.
- Consolidation / General Ledger – We can create a continuous monitoring program to identify any changes to a chart of accounts that may impact financial reporting including the mapping to financial statement line items.
- Fixed Assets – We can create a program to identify errors in fixed asset balances such as items classified to the incorrect asset class, incorrect amounts of depreciation, and items that are being amortized beyond lease terms by matching asset locations to leasing data.
- Accounts Payable – The accounts payable program can identify duplicate payments in procurement data by comparing invoices paid for the same vendor, invoice, date, etc. in various combinations.
- Purchasing – Our purchasing program utilizes ACL to identify vendors that may have links to employees of the organization, and follow up on possible conflicts.
- Expenses – Sunera’s expenses program identifies peculiarities and irregularities in items claimed on expense reports including types of expenses outside normal ranges as well as amounts that are not in accordance with reimbursement policies.
Gift Card Accounting
Gift cards and related “deferred revenue” accounts are significant balances for many retailers. Our experience has shown that these balances are sensitive to the accounting policies and assumptions made regarding their sales and redemptions. In addition, retailers are becoming more and more reliant on the POS systems to capture transactions, and reconcile these to statements provided by third-party providers. Due to the many assumptions as well as the volumes involved, these balances are at risk of being misstated in the financial statements. Accordingly, we can assist with the evaluation, internal audit and/or remediation of this process to ensure the procedures and related controls are appropriately designed and operating effectively.
Financial Close Process
Complex or otherwise, Sunera can help with defining and improving a financial close process through to the consolidation. We are experienced with analyzing very complex multinational close processes to identify the timing, process steps, and controls, as well as improving the efficiency and effectiveness of the overall process.
Our evaluation of best practices includes:
- Assessing close timelines
- Evaluating use of technology
- Identifying types and levels of review
- Evaluating procedures for management estimates
- Assessing quality of documentation
- Identifying areas of unmitigated risk
- Diagnosing workflow issues
Once issues are identified and analyzed, we are experienced with recommending best practices to remediate key issues, improving workflows, and providing ongoing transition throughout the remediation efforts.
Additional Services
Internal Audit
Outsourcing & Co-sourcing
Sarbanes-Oxley Assistance
Store/Franchise Audit
Operational & Business Process Audits
Enterprise Risk Assessments
Forensic/Fraud Audits & Investigations
Regulatory Compliance Audits
Information Security
Data Privacy Assessment & Program Establishment
Business Continuity & Disaster Recovery planning





