About Isaac Clarke (PARTNER | CPA, CISA, CISSP)

Isaac Clarke is a partner at Linford & Co., LLP. He began his career with Ernst & Young in 2003 where he developed his audit expertise over a number of years. Isaac specializes in and has conducted numerous SOC 1 and SOC 2 examinations for a variety of companies—from startups to Fortune 100 companies. Isaac enjoys helping his clients understand and simplify their compliance activities. He is attentive to his clients’ needs and works meticulously to ensure that each examination and report meets professional standards.

What is internal audit?

What is an Internal Audit? Answers to Common Questions

For many people, the words “internal audit” conjure a sense of fear and anticipation of high cost. Even under the best circumstances, having someone review your activities can be intimidating, but internal audit provides an unbiased, independent review of data and business processes.

Understanding an audit letter of representation

Understanding an Audit Letter of Representation (LOR)

This article addresses the what, when, why, and who’s related to letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a., representation letter, rep. letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external […]

Control objectives & activities

Control Objectives & Activities: What Are They & What’s Appropriate?

When we are approached by a prospective client to perform a SOC 1 (f. SSAE 16) audit, we will ask what control objectives do they want to include in the scope of the examination. In some cases, they have responded with their own question–What is a control objective? This blog will address that question as […]

Subservice organizations: carve-out audit vs. inclusive audit

Subservice Organizations: Carve-out Audit vs. Inclusive Audit Methods

Service providers often face a common question when determining how best to report on their control environment to clients who use their services—should we use the carve-out audit or the inclusive audit method for subservice providers? As a service auditor, I’ve been asked this question multiple times by different service organizations. The short answer is—it […]

How to score HITRUST CSF controls

How to Score HITRUST CSF Controls?

In order to perform a HITRUST assessment, you must be able to score your organization’s control environment compliance with the HITRUST CSF Maturity Model. The maturity model is used for scoring both Self-Assessments and Validated Assessments (more info). Understanding how to use the HITRUST Maturity Model to accurately rate your controls’ compliance is critical as […]

Establishing internal control

Establishing an Effective Internal Control Environment

Organizations flourish when they establish control environments that foster the efficient execution of operations to deliver value to its stakeholders and achieve its strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. This blog will help you understand 1) what a control environment is, 2) the important role […]