Understanding an audit letter of representation

Understanding an Audit Letter of Representation (LOR)

This article addresses the what, when, why, and who’s related to letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a., representation letter, rep. letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external […]

How much does a SOC audit cost?

How Much Does A SOC Audit Cost?

There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients—How much does a SOC audit cost? Chances are, if you are reading this, that you have the same question. There are three components that make up the total cost to get a […]

Subservice organizations: carve-out audit vs. inclusive audit

Subservice Organizations: Carve-out Audit vs. Inclusive Audit Methods

Service providers often face a common question when determining how best to report on their control environment to clients who use their services—should we use the carve-out audit or the inclusive audit method for subservice providers? As a service auditor, I’ve been asked this question multiple times by different service organizations. The short answer is—it […]

How to score HITRUST CSF controls

How to Score HITRUST CSF Controls?

In order to perform a HITRUST assessment, you must be able to score your organization’s control environment compliance with the HITRUST CSF Maturity Model. The maturity model is used for scoring both Self-Assessments and Validated Assessments (more info). Understanding how to use the HITRUST Maturity Model to accurately rate your controls’ compliance is critical as […]

Establishing internal control

Establishing an Effective Internal Control Environment

Organizations flourish when they establish control environments that foster the efficient execution of operations to deliver value to its stakeholders and achieve its strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. This blog will help you understand 1) what a control environment is, 2) the important role […]