Megan Kovash works primarily on SOC audits with experience in financial audit and internal audit as well. Megan started her career in January 2012 after completing her Masters of Accountancy with the University of Denver. She worked in the Risk Assurance group at Ernst & Young, then moved to the Internal Audit Data Analytics group at Charles Schwab. She is now a Partner at Linford & Co., LLP. Megan enjoys working with clients and coworkers to find and implement solutions to better her client’s business.
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
When discussing the SOC audit process with clients, one of the first questions we are often asked is what the scope of a SOC 2 audit is. The answer is almost always, “It depends.” This answer can often be a point of frustration for many, as there is no quick answer. This is due to […]
One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]
Has one or more of your customers requested that you undergo a SOC 2 audit? If so, you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? Is there a SOC 2 compliance checklist I can use to prepare? The answers are not as straightforward as […]
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what a SOC 3 report is, […]
Risk evaluation and mitigation strategies for SOC 2 compliance is something I am being asked more frequently about by many first-time clients. In the following paragraphs, I will be discussing requirements for service organizations to consider when contemplating or undergoing a SOC 2 audit. Specifically, risk assessment and mitigation strategies in place at the service […]
Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is regarding Gap Letters— sometimes called Bridge Letters.
Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors.
What is inherent risk and control risk and how do they relate to a SOC 2 audit? Inherent risk occurs due to the nature of the service provided and operation of the Company without consideration of any controls in place. Control risk is present as a result of the internal controls in place at the […]
How bad is a qualified report? This question comes up almost every time a qualified report is issued to a service organization.
