IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

Testing & Audit Exceptions

By Isaac Clarke Published on January 23, 2019

If you are reading this article, chances are that your auditor has told you that you have an audit exception or, even worse, multiple “audit exceptions.” Hearing that phrase strikes fear and panic into the hearts of many. While some of those reactions may be justified, I have found that many suffer more than necessary [...]

FedRAMP vs. FISMA: What You Need To Know

By Ray Dunham Published on January 9, 2019

With the rise of cloud computing, there has been an increased emphasis within the government to transition to commercial cloud services. In fact, it is actually mandated within the government to move to cloud-based services if they are available to meet the mission need of the federal agency. This is all in an effort to [...]

In simple terms, a security data breach occurs when a company vulnerability (technical or non-technical, e.g., employee-related) is exploited and, as a result, an unauthorized individual gains access to customer information or other data, applications, or networks. When a breach occurs, depending on the applicable security framework, notification of the security breach is required. [...]

When considering HIPAA compliance, it’s a bit of the wild west out there right now. The Office for Civil Rights (OCR) enforces fines and sanctions for HIPAA violations, but mostly on a reactionary basis. You can review the HIPAA cases currently under investigation and get a sense of the type of incidents and [...]

In its simplest form, a royalty audit is a financial inspection that determines whether a licensee (user of a patent/license/franchise) is paying the licensor (owner of the patent/license/franchise) the correct amount of royalty fees. [...]

What Is ISO 9000?

By Isaac Clarke Published on October 3, 2018

The International Organization for Standardization (ISO) is an independent, non-governmental organization made up of members from the national standards bodies of over 160 countries that set international standards related to products and services. [...]

This article addresses the what, when, why, and who of letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a. representation letter, rep letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external [...]

In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is cryptojacking. While the impact to individuals and organizations is not as overtly malicious as ransomware or theft or [...]

The Trust Services Criteria (TSC) were developed by the AICPA Assurance Services Executive Committee (ASEC). The available TSCs for a SOC 2 audit include: Security (also known as the common criteria). This is the only required TSC and is included to demonstrate that systems at a service organization are protected against unauthorized access and other risks [...]
