To ensure our clients receive consistency in service and delivery, we use a proven audit methodology in the performance of all of our audits. We establish clear expectations immediately and draft reports early.
Our audit methodology is divided into four distinct phases and includes proactive communication throughout the audit process, rather than delivering requests for corrections at the end of the reporting period. This proven methodology streamlines the audit process, resulting in minimal business interruption and full compliance with the audit guidance and related interpretations.
- Phase I: Plan the Audit: During Phase I, we gain a clear understanding of the information technology environment, information systems, risks, controls, and management expectations.
- Phase II: Walkthrough and Evaluate the Design of Controls: During Phase II, we complete the procedures that provide the basis for our opinion on the suitability of the design of key controls. During this phase, we will often draft the report and communicate it with management.
- Phase III: Test Operating Effectiveness of Controls: During Phase III, we conduct tests of the operating effectiveness of key controls (in accordance with the procedures specified in the draft report) and gather sufficient audit evidence for our opinion.
- Phase IV: Report the Results: During Phase IV, we hold discussions with management and appropriate shareholders to ensure stakeholders are aware of the examination results and we deliver the final report along with a formal management communication.
We believe effective communication is central to having a successful audit. At Linford & Company, we strive to build relationships of trust with the organizations we audit and other stakeholders that have a direct interest in the audit. We prefer to hold frequent status updates with those we audit during on-site fieldwork so we may discuss the progress of our examination and the interim results of our testing. We know that surprises resulting from a lack of communication—especially for critical audit examinations—can be stressful and we make it a priority to minimize these surprises.
Many audits are derailed by (1) a lack of communication with the client early on, (2) a lack of experience with issues that arise relating to the audit guidance, or (3) auditors that lack technical expertise in the client’s technology systems. At Linford & Company, we are veterans (including the employees conducting fieldwork) in efficient and effective SSAE 16/SOC 1, SOC 2, technology, and HIPAA/HITECH compliance assessments.