Governance at PortfolioAid is formally established through roles assigned for management and personnel, through processes documented within approved manuals, and through the adoption of specialist governing committees. The company’s governance model is based on concepts such as unity of command, segregation of duties, a structured control environment, an internal audit function, third-party assurance audits, regular reporting, and regular policy review and training cycles.
Management is responsible for the direction and control of operations, as well as establishing, communicating, and monitoring control policies and procedures. As PortfolioAid management values accuracy and integrity, the organization maintains written and up-to-date procedures as well as sound internal controls over all functional aspects of operations.
Statement of risk tolerance
PortfolioAid offers a compliance solution in a heavily regulated industry in which reputation is crucial to our clientele. As a niche vendor, we must ourselves maintain a flawless reputation for ethical and competent behavior, and must convey stability. In making decisions in business conduct, the Company shall consider our reputation and the reputation of our clients. The Company shall also consider impacts to the quality of our products, our ability to serve our clients in a timely and effective fashion, and potential consequences to our financial standing. The Company shall engage only in activities that meet these criteria.
Annual service audit
PortfolioAid undertakes an annual audit to assess the company’s management of operational and information risk in the hosted PA360° environment. This audit is conducted against the principles of security, availability, confidentiality, processing integrity, and privacy, and covers:
- Business continuity and disaster recovery.
- The process of releasing software to the production environment.
- Data access rights, encryption, and data management.
- Human resources practices such as code of conduct, background checks, and termination processes.
- Service level management, policy management, and governance.
These audits have resulted in clean reports year over year.