Understanding the limitations of internal control

Understanding the Limitations of Internal Controls – Learning to Mitigate Your Risk

You just received the draft SOC 1 or SOC 2 report from your auditor and as you’re scrolling through the opinion, you notice a reference to “Inherent Limitations.”  Inherent Limitations? Is your SOC report suggesting your controls are inadequate? Your auditor is not telling the world you have weak controls; however, every auditor opinion will reference […]

Risk of Material Misstatement

Risk of Material Misstatement – Audit Risk Components Related to SOC Reports

Obtaining evidence to confirm the design and operating effectiveness of controls used to support business objectives are completed during the audit process. One objective of this process is to look at the rate of deviations in an effort to determine if there is risk of material misstatement. In this post, we will look at different […]

Information security policies

Information Security Policies: Why They Are Important To Your Organization

In a previous blog post, I outlined how security procedures fit in an organization’s overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security […]

Coronavirus security threats

Coronavirus Security Threats: Tips to Mitigate Cybersecurity Risks

As if the COVID-19 pandemic isn’t enough to deal with already, coronavirus security threats are erupting as nefarious individuals use this crisis to target organizations and individuals for their own financial gain. This article addresses some of the coronavirus scams out there today that threaten your security and how you may protect yourself. Stimulus Payments […]

What is SOC 2?

What is SOC 2? An Expert’s Guide to Audits, Reports, Attestation, & Compliance

With the proliferation of data breaches and hacks that occur today, it’s no wonder there is a greater focus on information security. SOC 2 reports are general use reports that provide assurance to user organizations and stakeholders that a particular service is being provided securely. A SOC 2 can also include criteria related to Availability, […]

Cyber security work from home during coronavirus outbreak

Maintaining Optimal Cybersecurity with Remote Staff Working from Home During Coronavirus Outbreak

With COVID-19 requiring nonessential workers to work from home or social distance, many organizations are trying to navigate having their workers not in the office and still maintaining the optimal security methods from their home offices. Keep reading for some recommendations on how to maintain optimal cybersecurity with remote staff. How Do You Keep Up […]

Types of controls

What Are Internal Controls? The 4 Main Types of Controls

Internal controls (which include manual, IT-dependent manual, IT general, and application controls)  are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating […]