Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is regarding Gap Letters— sometimes called Bridge Letters.
About Megan Kovash (Partner, CPA)
Megan Kovash works primarily on SOC audits with experience in financial audit and internal audit as well. Megan started her career in January 2012 after completing her Masters of Accountancy with the University of Denver. She worked in the Risk Assurance group at Ernst & Young, then moved to the Internal Audit Data Analytics group at Charles Schwab. She is now a Partner at Linford & Co., LLP. Megan enjoys working with clients and coworkers to find and implement solutions to better her client’s business.
The Cloud Security Alliance (CSA) and the AICPA
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
SOC 2 vs PCI DSS: What’s the Difference?
Many users are unsure as to the difference between a SOC 2 (System and Organization Control) report and PCI DSS (Payment Card Industry Data Security Standard) compliance. While the two may have overlapping areas of focus, they are quite different. The main difference between the two is that PCI is specific to businesses that accept […]
SOC 2 vs SOC 3 Reports: What is the Difference?
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what the difference is between a […]
Understanding SOC Services: Organization Control Audits
What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits […]
A SOC 2 Compliance Checklist Doesn’t Exist, But Guidance Does
Has one or more of your customers requested that you undergo a SOC 2 audit? If so you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? The answers are not as straightforward as you may have hoped as no SOC 2 report is the same. […]
How Bad is a Qualified Report? Understanding SOC Report Opinions
How bad is a qualified report? This question comes up almost every time a qualified report is issued to a service organization.
SOC 1 (f. SSAE 16) Review Guidance
Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors.