We don't replace your auditors; we compliment them. As the auditors, they are not allowed to perform a pre-assessment for you or assist you in the remediation of their findings.
Depending on your industry and your company status, you may have to go through a plethora of audits and assessments every year. Whether it's PCI, HIPAA, SOC2, IT controls for financial attestation, Sarbanes - Oxley, ISO, FDA, etc., etc., we can help ease the burden of these audits by helping you pre, post, and during the audit.
Pre-Assessment and Planning
Even auditors know that preparing for an audit is burdensome and time consuming for you. Pre-audit checklist help but they still require a level of knowledge and context to adequately prepare the documentation and accesses the auditors require. As former auditors, we understand what auditors need to see, why they need to see it and what control they're trying to ensure is present.
By engaging us to assist in your audit preparation process we will work closely with your staff and your audit team up front to ensure the audit goes smoothly and successfully for both you and the auditors.
Sometimes there is a disconnect between the auditor and your technical staff leading to frustration and the risk of inaccurate audit findings. By engaging us to participate in the discussions and interviews between your staff and the auditors, we can eliminate the frustration and ensure the final audit report is accurate before its issued to your management team.
Very few, if any, audits result in zero findings. Hopefully, there are no significant findings but left unattended, over time even minor findings can develop into significant issues.
We hate implementing process, policies, controls or anything else just for the sake of the audit. Every remediation can have some sort of benefit to the operations of the organization. Allow us to help remediate your findings in a way that not only address the auditor's concerns but also bring value to your organization.
Please contact us to learn more about how we can make your audited life simpler and less painful.
Cloud Provider Audit
We're going to assume you are already using a cloud provider or Software as a Service (SaaS) provider for services such as HR/Payroll, CRM, email, data center co-location, or some other business solution.
If you are, we hope you added an audit clause into your contract where they have to prove to you on at least an annual basis that they have adequate security controls in place. If you do not have an audit clause, please don't sign another outsource provider contract before speaking with us.
If you do have the audit clause, when is the last time you requested a copy of the independent audit report? Did you review it? Did you understand it? Did you follow up with the provider for any remediations?
We could take a guess at your answers but we'd much rather have a conversation with you about it. Let us help you ensure that your partners are taking care of you properly.