Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is regarding Gap Letters— sometimes called Bridge Letters.
If you are reading this article, chances are that your auditor has told you that you have an audit exception or, even worse, multiple “audit exceptions.” Hearing that phrase strikes fear and panic into the hearts of many. While some of those reactions may be justified, I have found that many suffer more than necessary […]
Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors.
So, you have a current customer or client asking whether you have completed a SOC examination.
The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.
The American Institute of Certified Public Accountants (AICPA) recently developed a Service Organization Control (SOC) Toolkit for firms that perform SOC engagements and their clients. The toolkit was developed to help firms navigate this emerging service area and help clients, prospects and service organizations understand the benefits of SOC engagements. The toolkit includes a number […]
A question that often comes up from service organizations and service auditors is this “Who can management distribute the report too?” The answer lies buried in the AICPA’s audit guides and is different depending on the type of service organization control (SOC) audit report.
So, you have a current customer or client asking whether you have completed an SSAE 16 examination. Now you may have some basic questions such as the following: What is an SSAE 16 audit report? A Type II SSAE 16 report is an independent report on the design and operating effectiveness of key controls at […]
Our firm has examined a wide variety of clients in a number of different industries. Considering the criticality of many client systems and networks, it is interesting that some companies neglect the basics that help ensure the security of their data. The following tips are by no means inclusive of all of the security precautions […]
Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors. These reports come out once a year, typically in the late Fall. While most organizations do a good job of recognizing the need to request these reports, often they are not properly reviewed and evaluated when received. So, what do you do with the report once it has been received other than give it the internal and external auditors?