About Megan Kovash (Partner, CPA)

Megan Kovash

Megan Kovash works primarily on SOC audits with experience in financial audit and internal audit as well. Megan started her career in January 2012 after completing her Masters of Accountancy with the University of Denver. She worked in the Risk Assurance group at Ernst & Young, then moved to the Internal Audit Data Analytics group at Charles Schwab. She is now a Partner at Linford & Co., LLP. Megan enjoys working with clients and coworkers to find and implement solutions to better her client’s business.

CONTACT AUDITOR
ALL ARTICLES BY Megan Kovash (Partner, CPA):
Guidance for Access Control Management

Access Control Management – Guidance for Audit Compliance

One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]

SOC 2 vs SOC 3

SOC 2 vs SOC 3 Reports: What is the Difference?

When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what a SOC 3 report is, […]

Risk evaluation and mitigation strategy for soc 2 compliance

Risk Evaluation & Mitigation Strategies for SOC 2 Compliance

Risk evaluation and mitigation strategies for SOC 2 compliance is something I am being asked more frequently about by many first-time clients. In the following paragraphs, I will be discussing requirements for service organizations to consider when contemplating or undergoing a SOC 2 audit. Specifically, risk assessment and mitigation strategies in place at the service […]

SOC 2 Reports: Inherent risk vs. control risk

Inherent Risk vs Control Risk: Audit Risk for SOC 2 Reports

What is inherent risk and control risk and how do they relate to a SOC 2 audit? Inherent risk occurs due to the nature of the service provided and operation of the Company without consideration of any controls in place. Control risk is present as a result of the internal controls in place at the […]

Reasonable assurance

Reasonable Assurance: What is It & How Does It Affect SOC Report Opinions?

In this blog, we will be discussing the concept of reasonable assurance, what reasonable assurance means, absolute assurance, and how they both relate to SOC report opinions. Understanding the meaning of reasonable assurance is useful to both management of the service organization and also the users of the SOC report. In relation to SOC reports, […]