Governance at PortfolioAid is formally established through roles assigned for management and personnel, through processes documented within approved manuals, and through the adoption of specialist governing committees. The company’s governance model is based on concepts such as unity of command, segregation of duties, a structured control environment, an internal audit function, third party assurance audits, regular reporting, and regular policy review and training cycles.
Management is responsible for the direction and control of operations, as well as establishing, communicating, and monitoring control policies and procedures. As PortfolioAid management values accuracy and integrity, the organization maintains written and up-to-date procedures as well as sound internal controls over all functional aspects of operations.
Statement of risk tolerance
Annual service audit
PortfolioAid undertakes an annual audit to assess the company’s management of operational and information risk in the hosted PA360° environment. This audit is conducted against the principles of security, availability, confidentiality, processing integrity, and covers:
- Business continuity and disaster recovery.
- The process of releasing software to the production environment.
- Data access rights, encryption, and data management.
- Human resources practices such as code of conduct, background checks, and termination processes.
- Service level management, policy management, and governance.
These audits have resulted in clean reports year over year.