When we are approached by a prospective client to perform a SOC 1 (f. SSAE 16) audit, we will ask what control objectives they want to include in the scope of the examination. In some cases, they have responded with their own question: What is a control objective? This blog will address that question, as […]
About Isaac Clarke (PARTNER | CPA, CISA, CISSP)
Isaac Clarke is a partner at Linford & Co., LLP. He began his career with Ernst & Young in 2003 where he developed his audit expertise over a number of years. Isaac specializes in and has conducted numerous SOC 1 and SOC 2 examinations for a variety of companies—from startups to Fortune 100 companies. Isaac enjoys helping his clients understand and simplify their compliance activities. He is attentive to his clients’ needs and works meticulously to ensure that each examination and report meets professional standards.
Are You Asking for a SOC Report? Do You Need One? When It’s Required
We often meet with executives of small and medium-sized companies who are debating whether or not they need a System and Organization Controls (SOC) report. The decision comes down to one simple question: “Are your customers asking for a SOC report?” If they are, you will need to get one or be prepared to lose […]
Securely Sharing SOC Reports: Answers to Common Questions
Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations
International Standards for SOC 1 & SOC 2: ISAE 3000 & ISAE 3402
The evolution of technology and its increased use has led businesses around the world to become more interconnected and interdependent of one another than ever before. Companies of all sizes can now easily reach and serve organizations around the globe, rather than just their region or country. As services provided by service organizations are increasingly […]
How Much Does A SOC Audit Cost?
There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients… How much is this going to cost? Chances are, if you are reading this, then you have the same question. The bottom line is, SOC audit costs vary, but audits typically range […]
What is an Assertion? How Audit Assertions Relate to SOC Reports
The Oxford dictionary defines an assertion as “a confident and forceful statement of fact or belief.” Making an assertion is often used synonymously with stating an opinion or making a claim. While assertions are made in all aspects of life, most people think of a company’s financial statements or the financial statements audit when they think of assertions in an accounting or business setting.
SOC 2 + HITRUST: How Your Organization Could Benefit From Both
Cybersecurity is a serious concern for the management and board members of organizations around the world. Consequently, service providers are being faced with increasing scrutiny and pressure to prove that they have taken appropriate measures to protect their systems, the client data that they process or store, and the systems and entities who use or […]
Establishing an Effective Internal Control Environment
Organizations flourish when they establish control environments that foster the efficient execution of operations. When done properly, good internal controls help organizations deliver value to their stakeholders and achieve their strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. This blog will help you understand 1) what a […]
What is the PCAOB? Auditing Standards & Inspection Reports
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry.
What Is An Internal Auditor & Why Should You Hire One?
The Institute of Internal Auditors (IIA) defines internal audit as the “independent, objective assurance, and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Definition of Certified […]