About Newel Linford (MANAGING PARTNER | CPA, CISA)

Newel Linford is the co-founder of Linford & Co., LLP, the Managing Partner, and specializes in SOC and royalty examinations. He started his career with Ernst & Young in 1997. He has lectured at Data Center World, Rocky Mountain Area Conference for Finance & Accounting Professionals, University of Denver, and University of Colorado Boulder. He works closely with his clients so that the examinations meet the public needs and are performed in accordance with professional guidance.


Deconstructing an SSAE 16/SOC 1 (formerly known as SAS 70) Audit Report

Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors. These reports come out once a year, typically in the late Fall. While most organizations do a good job of recognizing the need to request these reports, often they are not properly reviewed and evaluated when received. So, what do you do with the report once it has been received other than give it the internal and external auditors?

SAS 70, SSAE 16, AT 101, SOC 1, 2, 3, SysTrust and WebTrust. Good Luck.

Recently, the AICPA has started referring to SSAE 16 reports as SOC 1 reports.  SOC stands for service organization control reports.  Not to be confused with SOX, which most know is an acronym for the Sarbanes-Oxley Act of 2002.  In any case, the AICPA is trying to simplify the many different types of reports service […]

SAS 70/SSAE 16 vs FISAP vs ISO 27002

Frequently there is a discussion from service organizations regarding which of these an organization should complete. Many service organizations get a significant amount of requests related to information technology controls and security. The requests come in different forms, whether it be for SAS 70 reports (changing to SSAE 16 reports after June 15, 2011), completed questionnaires, and sometimes for on-site audits by the user organizations. Some of the pros and cons of each are briefly described below.