Internal and external audits, while sharing some common elements, serve distinct purposes in an organization. In this blog, we will explain the key characteristics of each type of audit and examine how they overlap, as well as where they differ, to provide a greater understanding for our readers. What is an Internal Audit? An internal […]
About Becky McCarty (CPA, CISA, CRISC, CIA, CFE)
Becky McCarty has over 20 years of experience in internal controls, audit, and advisory services. She specializes in SOC 1 and SOC 2 examinations for Linford & Co., LLP. Becky completed a Bachelor’s degree in Business Administration (Accounting) and a Master of Science degree in Management Information Systems. She worked 6 years with KPMG LLP commencing in 1999, worked several years in the energy industry, and joined Linford & Co., LLP in 2018. Becky also served 9 years on the Board of Directors for a home healthcare nonprofit. She works closely with clients so that the examinations are performed efficiently and with minimal disruption while ensuring performance in accordance with professional guidance. She enjoys helping clients successfully achieve the requirements for their SOC compliance efforts based on their objectives and/or applicable trust services criteria.
How the COSO Principles & SOC 2 Trust Services Criteria Align
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control-Integrated Framework and the AICPA Trust Services Criteria are two control frameworks that are used to assess and improve the effectiveness of internal controls. While the COSO Principles are more general in nature, the AICPA Trust Services Criteria are more specific to outsourced service […]
What are the Benefits of Using VPN Encryption?
In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your sensitive private data such as your personally identifiable information (PII) and your electronic protected health information […]
Mobile Security Threats: What You Need To Know For SOC 2
As the sophistication and volume of mobile security threats increase, mobile device users and mobile application developers need to be vigilant and stay on top of emerging mobile security threats in order to protect their sensitive data and reputation. This blog delves into some common mobile security threats and what actions may be taken to […]
Considerations for Fraud Risk Assessment: COSO Principle 8
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 internal control framework includes five COSO components and 17 COSO principles and is part of the common criteria included in a SOC 2 assessment. The five COSO components include the following: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. For […]
What is Incident Management & Why is It Important?
Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan help to return your system to […]
IT Change Management for Service Organizations: Process, Risks, Controls, Audits
What is IT Change Management? IT change management is a standardized end-to-end process that enables changes, including application, infrastructure, and configuration changes, to be deployed to a production IT environment in a controlled and consistently repeatable manner. IT change management provides the mechanism or workflow that makes sure only authorized changes are made to production. […]
What are Description Criteria for a SOC 2 Report?
The description of a service organization’s system in a SOC 2 report is required to be prepared and assessed utilizing the description criteria guidance put forward by the American Institute of Certified Public Accountants (AICPA). The description criteria will be discussed in this blog to provide guidance on the factors to consider when describing a […]
SOC Report Types: Understanding SOC Audits and the Differences Between a Type 1 vs Type 2 SOC Report
If you are being asked to obtain a System and Organization Controls (SOC) report by your existing user entity or a potential user entity, you may question whether you should obtain a SOC 1, SOC 2, or SOC 3 report. You may also wonder whether it should be a Type 1 or a Type 2 […]
Vendor vs Subservice Organizations: Understanding the Difference & How it Affects You
A service organization may have a number of vendors and subservice organizations engaged to assist them in meeting their objectives or achieving the service commitments to their user entities along with the system requirements necessary to do so. This article will explain the difference between a vendor and a subservice organization and provide some tips […]