How bad is a qualified report? This question comes up almost every time a qualified report is issued to a service organization.
About Megan Kovash (Partner, CPA)
Megan Kovash works primarily on SOC audits with experience in financial audit and internal audit as well. Megan started her career in January 2012 after completing her Masters of Accountancy with the University of Denver. She worked in the Risk Assurance group at Ernst & Young, then moved to the Internal Audit Data Analytics group at Charles Schwab. She is now a Partner at Linford & Co., LLP. Megan enjoys working with clients and coworkers to find and implement solutions to better her client’s business.
Reasonable Assurance: What is It & How Does It Affect SOC Report Opinions?
In this blog, we will be discussing the concept of reasonable assurance, what reasonable assurance means, absolute assurance, and how they both relate to SOC report opinions. Understanding the meaning of reasonable assurance is useful to both management of the service organization and also the users of the SOC report. In relation to SOC reports, […]
SOC 2 vs. HIPAA: What’s the Difference Between a SOC 2 Report & a HIPAA Report?
Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.
How to Choose a VPN When Working from Home: Data Safety Considerations for Coronavirus
Due to current world events, many employees are now working remotely from home and the question of if a VPN is needed when working at home is at the forefront of many employers’ minds. In this blog, we will discuss what a VPN is, its benefits, if you need one, and how to select a […]
A SOC 2 Compliance Checklist Doesn’t Exist, But Guidance Does
Has one or more of your customers requested that you undergo a SOC 2 audit? If so, you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? The answers are not as straightforward as you may have hoped as no SOC 2 report is the same. […]
What are Gap or Bridge Letters in SOC Reports?
Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is regarding Gap Letters— sometimes called Bridge Letters.
The Cloud Security Alliance (CSA) and the AICPA
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
SOC 2 vs PCI DSS: What’s the Difference?
Many users are unsure as to the difference between a SOC 2 (System and Organization Control) report and PCI DSS (Payment Card Industry Data Security Standard) compliance. While the two may have overlapping areas of focus, they are quite different. The main difference between the two is that PCI is specific to businesses that accept […]
SOC 2 vs SOC 3 Reports: What is the Difference?
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what the difference is between a […]
Understanding SOC Services: Organization Control Audits
What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits […]