About Jaclyn Finney


Jaclyn Finney started her career as an auditor in 2009. She started with Linford & Co., LLP. in 2016 and is a partner with the firm. She is a CISA with a special focus on SOC, HITRUST, FedRAMP and royalty examinations. Jaclyn works with her clients to provide a process that meets the needs of each customer and generates a tailored report that is useful to the client and the users of the report.

ALL ARTICLES BY Jaclyn Finney:
SOC 2 Considerations for SaaS companies

SOC 2 Considerations for SaaS Providers from an Audit Professional

SOC 2 considerations for software as a service (SaaS) providers can be a hard decision. On one hand, it has oftentimes become a contractual requirement but on the other hand, if that client or clients requesting the report do not provide enough revenue to offset that expense, the business case to move forward may not […]

Cloud audit compliance

Cloud Compliance Audits: What You Need to Know

As the popularity of cloud computing has increased over the last decade, so has the maturity of standards used to govern these resources. This article will provide a definition of cloud computing and cloud computing audits – the objectives of cloud computing, the scope of a cloud computing audit, understanding cloud compliance, and audit steps […]

Vulnerability management maturity model

Vulnerability Management Maturity Model, Procedures, Threats, & More

Vulnerability management, in general, is supported by the idea that once an organization identifies a vulnerability that exists within its environment, proper steps should be taken to remediate that vulnerability. Those steps include being prepared, knowing when to identify the vulnerability, analyzing the vulnerability, communicating information to the right individuals internal and external to the […]

What are internal controls

What Are Internal Controls? The 4 Main Types of Controls in Audits (with Examples)

Internal controls (which include manual, IT-dependent manual, IT general, and application controls) are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating […]

SOC 2 security incident reporting

SOC Incident Reporting: What are SOC 2 Security Reporting Requirements?

Over the last year, the world saw a number of major security breaches in the news. Some notable ones include the SolarWinds attack, Colonial Pipeline Hack, and JBS U.S. Beef plant attack. Unfortunately, attacks are nothing new. Other major attacks over the years have included the Equifax data breach, Uber data breach, and WannaCry cyber […]

HITRUST vs. SOC 2 audits

Navigating Compliance Frameworks: SOC 2 vs. HITRUST

Over the past few years, it seems like there is a new compliance framework that companies are required to follow every year. And many companies are trying to understand which one applies, how many they are required to obtain, and how much it is going to cost. This blog will discuss two frameworks: SOC 2 […]

AICPA peer reviews & standards

AICPA Peer Reviews – Who Audits the Auditor?

Do you ever wonder if the CPA firm your organization decides to use has the right type of experience when going through the engagement process? Well, one question you can ask is the last time the CPA firm went through the AICPA peer review program. In this post, we will discuss what an AICPA peer […]


Materiality in Auditing: How to Prepare For Your Audit

Determining materiality in an attestation audit can be challenging when the scope of the audit cannot be quantitatively measured. As stated in an AICPA Discussion Paper, “When providing assurance services, it’s important that practitioners understand what information will most significantly impact stakeholders’ decision-making process, which is central to a practitioner’s consideration of engagement materiality.” In […]

Security awareness training

Security Awareness Training: Implementing End-User Information Security Awareness Training

Exposing employees to the security threats that exploit businesses, seemingly weekly these days, can help companies protect themselves against those threats. This blog will present the importance of security training, options, and resources, and the frequency that training should be provided. What is Security Awareness Training? Security awareness training is the process of providing information […]