It is a misconception that the job of an auditor can be summed up to individuals that examine financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements
About Jaclyn Finney
Jaclyn Finney started her career as an auditor in 2009. She started with Linford & Co., LLP. in 2016 and is currently a manager with the firm. She is a CISA with a special focus on SOC, HITRUST, FedRAMP and royalty examinations. Jaclyn works with her clients to provide a process that meets the needs of each customer and generates a tailored report that is useful to the client and the users of the report.
Materiality in Auditing: How to Prepare For Your Audit
Determining materiality in an attestation audit can be challenging when the scope of the audit cannot be quantitatively measured. As stated in an AICPA Discussion Paper, “When providing assurance services, it’s important that practitioners understand what information will most significantly impact stakeholders’ decision-making process, which is central to a practitioner’s consideration of engagement materiality.” In […]
Security Awareness Training: Implementing End-User Information Security Awareness Training
Exposing employees to the security threats that exploit businesses, seemingly weekly these days, can help companies protect themselves against those threats. This blog will present the importance of security training, options, and resources, and the frequency that training should be provided. What is Security Awareness Training? Security awareness training is the process of providing information […]
Risk of Material Misstatement – Audit Risk Components Related to SOC Reports
Obtaining evidence to confirm the design and operating effectiveness of controls used to support business objectives are completed during the audit process. One objective of this process is to look at the rate of deviations in an effort to determine if there is risk of material misstatement. In this post, we will look at different […]
What Are Internal Controls? The 4 Main Types of Controls
Internal controls (which include manual, IT-dependent manual, IT general, and application controls) are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating […]
Cloud Audits & Compliance: What You Need to Know
As the popularity of cloud computing has increased over the last decade, so has the maturity of standards used to govern these resources. This article will provide a definition of cloud computing and cloud computing audit, the objectives of cloud computing, the scope of a cloud computing audit and understanding cloud compliance, and audit steps […]
What Is Attestation?
The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization.
HIPAA Authorization: Requirements & Consent to Disclose PHI Under the HIPAA Privacy Rule
The Privacy Rule protects most individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media, whether electronic, paper or oral.
What is an Integrated Audit? Assessing Internal Controls
An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to asses this internal control structure.
Chaos Engineering: What is it? Should You Use it?
Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident […]