With the rise of organizations providing artificial intelligence (AI) or machine learning (ML) tools and services, one has to wonder about the risks associated with those services and the security, at the very least, of the data used for and created as a result of the AI and ML services. Data considerations include the makeup […]
About Lois Colby (Partner | CPA, CIA, CISA)
Lois started with Linford & Co., LLP in 2020. She began her career in 1990 and has spent her career working in public accounting at Ernst & Young and in the industry focusing on SOC 1 and SOC 2 and other audit activities, ethics & compliance, governance, and privacy. At Linford, Lois specializes in SOC 1 and SOC 2 audits. Lois’ goal is to collaboratively serve her clients to provide a valuable and accurate product that meets the needs of her clients and their customers all while adhering to professional standards.
2023 Trust Services Criteria (TSCs) for SOC 2 Reports
There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.
SSAE-21: New AICPA Guidance for Assertion-Based & Examination Engagements
In September 2020, the AICPA issued a new Statement on Standards for Attestation Engagements (SSAE) labeled as SSAE No. 21, Direct Examination Engagements. You might ask, “Why do we care about it now?” We care about it now because it is effective for all practitioners’ reports dated on or after June 15, 2022. A date […]
Audit Trails for the SOC 1/SOC 2 Audit & Investigative Processes
Consider this, an organization has an internal or external audit about to start or an incident has occurred that needs to be investigated. These activities each require evidence to support the who, when, what, where, and why of the activity. One way this can be done is by tracing the activity through an audit trail. […]
SOC 2 Software Tools: How They Affect the SOC Audit Process
Over the last several years there has been a growth in the offering of SOC 2 software tools or, also thought of as SOC 2 compliance monitoring tools (of which these terms will be used interchangeably throughout this article). These tools provide functionality and support designed to help a service organization attain SOC 2 compliance. […]
Security & Privacy: You Can’t Have Privacy Without Security
In today’s world, great importance and attention are placed on personal privacy and, importantly, privacy over an individual’s personal information and data. The highly electronically connected world and easy availability of information on the internet and through information sharing between organizations raise the concern as to how individuals’ personal information and data are protected. There […]
External Penetration Testing & SOC 2 Reports: How Are They Related?
When discussing if a company has implemented the necessary controls to meet the AICPA Trust Services Criteria for a SOC 2 engagement, one of the questions that often comes up is if an external penetration test is required. To aid in the discussion, this article will focus on the makeup of an external penetration test […]
Entity-Level Controls: Impact On An Organization & The Audit Process
When considering controls for an organization, it may not be known that there are more than one level or type of control. To manage their business operations, organizations will have entity-level, divisional, regulatory, transaction-level, and process-specific controls to name a few. Of these controls, entity-level controls are considered to be a crucial part when: one […]
Defining Suitable Criteria in an Audit Engagement
When presented with the task of an audit being performed, the questions that the auditor and auditee have are: What is the objective of the audit? What is to be achieved? What is the need of the users of the output of the audit? Identifying Suitable Criteria Every audit is an evaluation of subject […]
A Guide to Audit Assurance: How Do Assurance, Attestation, and Auditing Fit Together?
In the world of accounting and audit services, assurance, attest, and audit play key roles. The question often arises: What is audit assurance? What is the difference between these three terms? How do they relate or complement each other? A definition check with Merriam-Webster provides the following: Assurance: the state of being assured: such as […]