Rob started with Linford & Co., LLP in 2011 and leads the HITRUST practice as well as performs SOC examinations and HIPAA assessments. He has spoken at Data Center World on compliance-related topics and has completed over 200 SOC examinations. He started his career as an IT auditor in 2003 with PwC in the Systems and Process Assurance group, and has worked in a variety of industries in internal audit as well as for the City and County of Denver.
The concept of user control considerations within SOC reports has been around since SOC reports were referred to as SAS 70s, although the AICPA’s term used to describe user control considerations has changed over time. These controls are now known as complementary user entity controls (CUEC). You may also hear these controls referred to as […]
Qualified opinions mean that either the internal controls were not designed (Type I or II) or operating (Type II only) effectively for one or more control objectives included within a SOC 1 report or Trust Services Criteria included within a SOC 2 report. In a SOC report, management asserts that certain controls are in place. […]
One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.
A Third Party Administrator (TPA) is a service organization that provides a variety of services to the insurance industry in accordance with a service agreement.
Data analytics is defined as the process of inspecting, cleaning, transforming, and modeling data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making. Common uses of data analytics: Customer resource management (CRM) – Analytics can help companies monitor and understand customer actions and create more targeted advertising and services. Business intelligence – […]
