If you are reading this article, chances are that your auditor has told you that you have an audit exception or, even worse, multiple “audit exceptions.” Hearing that phrase strikes fear and panic into the hearts of many. While some of those reactions may be justified, I have found that many suffer more than necessary […]
For many people, the words “internal audit” conjure a sense of fear and anticipation of high cost. Even under the best circumstances, having someone review your activities can be intimidating, but internal audit provides an unbiased, independent review of data and business processes.
The International Organization for Standardization (ISO) is an independent, non-governmental organization made up of members from the national standards bodies of over 160 countries that set international standards related to products and services.
This article addresses the what, when, why, and who’s related to letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a., representation letter, rep. letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external […]
When we are approached by a prospective client to perform a SOC 1 (f. SSAE 16) audit, we will ask what control objectives do they want to include in the scope of the examination. In some cases, they have responded with their own question–What is a control objective? This blog will address that question as […]
There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients—How much does a SOC audit cost? Chances are, if you are reading this, that you have the same question. There are three components that make up the total cost to get a […]
Service providers often face a common question when determining how best to report on their control environment to clients who use their services—should we use the carve-out audit or the inclusive audit method for subservice providers? As a service auditor, I’ve been asked this question multiple times by different service organizations. The short answer is—it […]
In order to perform a HITRUST assessment, you must be able to score your organization’s control environment compliance with the HITRUST CSF Maturity Model. The maturity model is used for scoring both Self-Assessments and Validated Assessments (more info). Understanding how to use the HITRUST Maturity Model to accurately rate your controls’ compliance is critical as […]
Chances are, if you are reading this, that you are considering obtaining a HITRUST Certification. This post will walk you through the HITRUST certification process. You will learn the major steps needed to prepare, be assessed, and obtain the certification. We will also highlight some of the pitfalls to avoid along the way. If you […]
Organizations flourish when they establish control environments that foster the efficient execution of operations to deliver value to its stakeholders and achieve its strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. This blog will help you understand 1) what a control environment is, 2) the important role […]