The Institute of Internal Auditors (IIA) defines internal audit as the “independent, objective assurance, and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Definition of Certified […]
You have poured your blood, sweat, and tears into your startup and it is about to pay off. You are close to finalizing a deal with a new, large customer. You have worked long and hard to connect with them and demonstrate the value of your service or system. They are excited. You are […]
If you are reading this article, chances are that your auditor has told you that you have an audit exception or, even worse, multiple “audit exceptions.” Hearing that phrase strikes fear and panic into the hearts of many. While some of those reactions may be justified, I have found that many suffer more than necessary […]
For many people, the words “internal audit” conjure a sense of fear and anticipation of high cost. Even under the best circumstances, having someone review your activities can be intimidating, but internal audit provides an unbiased, independent review of data and business processes.
The International Organization for Standardization (ISO) is an independent, non-governmental organization made up of members from the national standards bodies of over 160 countries that set international standards related to products and services.
This article addresses the what, when, why, and who’s related to letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a., representation letter, rep. letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external […]
When we are approached by a prospective client to perform a SOC 1 (f. SSAE 16) audit, we will ask what control objectives they want to include in the scope of the examination. In some cases, they have responded with their own question–What is a control objective? This blog will address that question as […]
There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients—How much does a SOC audit cost? Chances are, if you are reading this, that you have the same question. There are three components that make up the total cost to get a […]
Service providers often face a common question when determining how best to report on their control environment to clients who use their services—should we use the carve-out audit or the inclusive audit method for subservice providers? As a service auditor, I’ve been asked this question multiple times by different service organizations. The short answer is—it […]
In order to perform a HITRUST assessment, you must be able to score your organization’s control environment compliance with the HITRUST CSF Maturity Model. The maturity model is used for scoring both Self-Assessments and Validated Assessments (more info). Understanding how to use the HITRUST Maturity Model to accurately rate your controls’ compliance is critical as […]