Having the right controls in place is critical for an organization to protect its systems and safeguard its clients’ data. Identifying, designing, and implementing an appropriate set of controls is quite an accomplishment for most young companies. If you have implemented controls within your organization to maintain security, the next question to ask is: How […]
About Isaac Clarke (PARTNER | CPA, CISA, CISSP)
Isaac Clarke is a partner at Linford & Co., LLP. He began his career with Ernst & Young in 2003 where he developed his audit expertise over a number of years. Isaac specializes in and has conducted numerous SOC 1 and SOC 2 examinations for a variety of companies—from startups to Fortune 100 companies. Isaac enjoys helping his clients understand and simplify their compliance activities. He is attentive to his clients’ needs and works meticulously to ensure that each examination and report meets professional standards.
What is an Internal Audit? Answers to Common Questions
For many people, the words “internal audit” conjure a sense of fear and anticipation of high cost. Even under the best circumstances, having someone review your activities can be intimidating, but internal audit provides an unbiased, independent review of data and business processes.
Control Objectives & Activities: What Are They & What’s Appropriate?
When we are approached by a prospective client to perform a SOC 1 (f. SSAE 16) audit, we will ask what control objectives they want to include in the scope of the examination. In some cases, they have responded with their own question: What is a control objective? This blog will address that question, as […]
Are You Asking for a SOC Report? Do You Need One? When It’s Required
We often meet with executives of small and medium-sized companies who are debating whether or not they need a System and Organization Controls (SOC) report. The decision comes down to one simple question: “Are your customers asking for a SOC report?” If they are, you will need to get one or be prepared to lose […]
Securely Sharing SOC Reports: Answers to Common Questions
Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations
International Standards for SOC 1 & SOC 2: ISAE 3000 & ISAE 3402
The evolution of technology and its increased use has led businesses around the world to become more interconnected and interdependent of one another than ever before. Companies of all sizes can now easily reach and serve organizations around the globe, rather than just their region or country. As services provided by service organizations are increasingly […]
How Much Does A SOC Audit Cost?
There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients… How much is this going to cost? Chances are, if you are reading this, then you have the same question. The bottom line is, SOC audit costs vary, but audits typically range […]
What is an Assertion? How Audit Assertions Relate to SOC Reports
The Oxford dictionary defines an assertion as “a confident and forceful statement of fact or belief.” Making an assertion is often used synonymously with stating an opinion or making a claim. While assertions are made in all aspects of life, most people think of a company’s financial statements or the financial statements audit when they think of assertions in an accounting or business setting.
SOC 2 + HITRUST: How Your Organization Could Benefit From Both
Cybersecurity is a serious concern for the management and board members of organizations around the world. Consequently, service providers are being faced with increasing scrutiny and pressure to prove that they have taken appropriate measures to protect their systems, the client data that they process or store, and the systems and entities who use or […]
Establishing an Effective Internal Control Environment
Organizations flourish when they establish control environments that foster the efficient execution of operations. When done properly, good internal controls help organizations deliver value to their stakeholders and achieve their strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. This blog will help you understand 1) what a […]