IT Audit & Compliance Blog

Obtaining evidence to confirm the design and operating effectiveness of controls used to support business objectives are completed during the audit process. One objective of this process is to look at the rate of deviations in an effort to determine if there is risk of material misstatement. In this post, we will look at different [...]

If you are beginning the process of looking into obtaining a SOC 1 or SOC 2 report you more than likely have a lot of questions. When speaking with prospects, many have questions related to the process of how a SOC 1 or SOC 2 audit is conducted – particularly questions with regard to the [...]

In a previous blog post, I outlined how security procedures fit in an organization’s overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security [...]

Due to current world events, many employees are now working remotely from home and the question of if a VPN is needed when working at home is at the forefront of many employers’ minds. In this blog, we will discuss what a VPN is, its benefits, if you need one, and how to select a [...]

With COVID-19 requiring nonessential workers to work from home or social distance, many organizations are trying to navigate having their workers not in the office and still maintaining the optimal security methods from their home offices. Keep reading for some recommendations on how to maintain optimal cybersecurity with remote staff. How Do You Keep Up [...]

Organizations flourish when they establish environments that foster the efficient execution of operations. Internal controls should help organizations deliver value to their stakeholders and achieve their strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. What Is the Control Environment of a Company? The Institute of Internal Auditors [...]

Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and [...]

  A FedRAMP Readiness Assessment is an opportunity for Cloud Service Providers (CSP) targeting government clients to demonstrate that they are ready to begin the FedRAMP process in earnest. With the end goal being a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB) or an ATO granted by a Federal Agency, CSPs, through the [...]

The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization. [...]