Determining materiality in an attestation audit can be challenging when the scope of the audit cannot be quantitatively measured. As stated in an AICPA Discussion Paper, “When providing assurance services, it’s important that practitioners understand what information will most significantly impact stakeholders’ decision-making process, which is central to a practitioner’s consideration of engagement materiality.” In […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
I think most people would agree that 2020 has seen several changes to normal. When we first consider this new normal, we remember the bad things – the coronavirus pandemic, face masks, closed businesses, and everyone’s favorite: quarantine. But there have been some good things to come about during this year of change. We have […]
“Why wash your hands?” “How to Protect yourself and others.” These are headlines that I recently ran across while browsing daily news updates. For months, we’ve been bombarded with advice and guidance on how to stay healthy during the COVID-19 pandemic. While the guidance may vary, the topic of handwashing and avoiding hand contact (i.e. […]
In the world of accounting and audit services, assurance, attest, and audit play key roles. The question often arises: What is audit assurance? What is the difference between these three terms? How do they relate or complement each other? A definition check with Merriam-Webster provides the following: Assurance: the state of being assured: such as […]
In previous blog articles, we have covered HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Additionally, we hear a lot of “How does a HITRUST certification differ from HIPAA compliance?” This blog will […]
On December 31, 2017, compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (Revised Oct 21, 2016), Safeguarding Covered Defense Information and Cyber Incident Reporting became mandatory for all contractors (and subcontractors). Since then, the Department of Defense (DoD) has been striving to improve the security within the defense industrial base, or DIB. […]
In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your private data and your company’s data. Nonpublic data is valuable and if it can be sold […]
Most people have some degree of familiarity with contracts, but the nuances of contractual requirements related to an audit engagement are not always understood. If you are looking to engage an auditor, or if you have an existing engagement letter with an auditor, it is important to understand these nuances and the requirements for audit […]
Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.
The concept of continuous compliance monitoring has been around for many years. Continuous compliance monitoring can be stronger than traditional snapshot-in-time audits. Most traditional audits happen annually and auditors take the point in time evidence as well as evidence samples to gain assurance controls were in place over time. When auditors select samples, even the […]