Choosing an Audit Partner that Makes Sure

What does partnership look like when your organization is in the middle of an audit? When you choose a qualified audit firm to help you in your audit process, you are choosing a partner for an important compliance journey. How does the audit firm you choose support you? What practices does it implement that enable you to successfully complete your audit process? In what ways is an audit firm helping you on your compliance journey? Let’s look at the traits you should be considering when choosing a partner for your audit.

Choosing a Partner that Supports Your Organization

There is no denying that audits are difficult, but you can confidently achieve your goals when your organization has a quality partner working alongside you on your compliance journey. What are some qualities you can look for when choosing a partner?

  • A quality audit partner is one that is experienced in the necessary skills and practices regarding security auditing. Audits are complicated and you need a qualified auditor at your side to check your internal controls, security practices, and policies.
  • You’ll want to make sure you’re choosing a partner that doesn’t waste time during an audit. Working with a timely audit firm that stays true to the timeline developed at the start of the audit is important for an organization looking to complete tasks in their compliance journey on an efficient schedule.
  • Proper communication is important to creating a system of support and partnership. In order to communicate effectively, the audit partner your organization chooses should have a quality audit team that stays in contact with your organization through every step of your compliance journey.
  • The audit process needs to be streamlined to gather data and evidence and properly examine your organization’s controls. At KirkpatrickPrice, the Online Audit Manager enables us to partner with organizations before an onsite visit to make the audit process as smooth as possible.
  • Choosing a partner that fits your organization should depend on your ability to trust that the audit firm is independent and qualified. To perform a PCI audit, the firm must have personnel with QSA and PCIP certifications. Only CPAs can perform SOC 1 and SOC 2 audits. To perform a HITRUST CSF assessment, the auditor must be a CCSFP at an authorized assessor firm.

Why Kirkpatrick is the Audit Partner for You

KirkpatrickPrice is an audit firm whose goal is to give the support and guidance your organization needs to embark on a successful compliance journey. You don’t have to settle for choosing a partner that conducts an audit and leaves you with unanswered questions and compliance worries. Instead, you can start and end an audit with a firm that wants to see you defeat the most challenging compliance requirements you face. Make sure you’re choosing a partner that will be by your side throughout your compliance journey. Contact KirkpatrickPrice to be supported by the partner your organization deserves to have on its compliance journey.

Transcript

One of the things that we say here at KirkpatrickPrice is that we partner with our clients to help them achieve challenging compliance goals. When you’re going through an audit, it’s very difficult. When you want to comply with a variety of standards that are out there, it’s a very challenging thing to take on. Everybody wants a good partner at their side – somebody behind them providing coaching and guidance, supporting you through your goals. We want to be that type of partner for you. The spirit that we take on is from the first Kirkpatrick on record. His name was Roger Kirkpatrick – first cousins with William Wallace, loyal to Robert the Bruce. Robert the Bruce had a rival and Kirkpatrick was there to support him and fight along his side in order to defeat the rival. We take on that same spirit here in the way that we partner with you. We want to see you defeat the hacker, defeat those challenging compliance requirements that are coming at you from every angle. We will make sure that we are a great partner to you in your challenging compliance goals.

Can an Auditor Withdraw from an Audit?

When you choose an audit firm to start the audit process, you’re choosing a partner. You want an auditor who is highly experienced, can communicate well, and knows how to support your organization on its compliance journey. Once you find an audit firm that meets your expectations, your organization will need to continue building a good relationship with your auditor throughout the audit process. It doesn’t stop at signing a contract, and it’s a two-way street. What actions or behaviors could negatively impact your relationship with your auditor? When does an auditor have the right to withdraw from an audit?

Finding the Right Auditor

What should you be looking for in an auditor? How do you know you’ve picked an audit firm that will support and educate you during the audit process? How can you make sure you’re not giving an auditor the opportunity to withdraw from an audit? Although audits are difficult, you don’t have to tackle compliance requirements alone. Finding the right auditor for your organization starts with an evaluation of your organization’s timeline expectations, communication goals, and auditing needs. Once you know where you stand, you are able to find an auditor that can support you.

The quality of work you receive when you’re handed a compliance report is directly related to the availability, qualifications, and skill of the Information Security Specialist you work with. At KirkpatrickPrice, our audit team is made up of qualified, experienced auditors. You don’t want to choose a firm that sends a junior-level auditor to check your internal controls, test your physical security, and walk through your processes. You deserve to have a senior-level auditor working alongside you during the audit process. These experienced auditors focus on the goal of independence and support so that there isn’t pressure to withdraw from an audit.

Building a Relationship with your Auditor

Once you choose an audit firm, what is your organization doing to foster a positive partnership with your auditor? Even after an audit process is completed, a healthy relationship with an auditor means continued support and education in your compliance efforts. To make sure you have built a strong relationship with your auditor, you can review our Six Signs that You’re in a Good Relationship with Your Auditing Firm. Following these signs of a good auditor will help point you in the direction of meeting your long-term compliance goals and avoid the possibility of an auditor needing to withdraw from an audit.

The key to maintaining a good relationship with your auditor is recognizing the audit firm’s requirement for independence. Auditors can withdraw from an audit if the rules of independence are broken during the audit process. If an auditor feels as though something has happened to where they cannot be objective, they have the right to withdraw from the audit. To make sure your organization doesn’t cross those boundaries, you can focus on respecting the auditor’s independence throughout the audit process. You can trust that your audit is in good hands when you choose an auditor with the integrity to remain independent.

Fostering a good relationship with your auditor puts you on the right path towards compliance and encourages a support system for your audit process. Start your journey with an independent audit firm that meets your needs and avoid any problems that might require an Information Security Specialist to withdraw from an audit. Contact KirkpatrickPrice today.

Transcript

Did you know that an auditor can actually withdraw from your engagement? There are certain rules that we must follow that require us to withdraw if certain circumstances are met. For example, we have to maintain independence at all times. If something happens that compromises that independence, we have to withdraw from your engagement. If a company puts undue pressure on us and they say, “We’re not going to give you that next contract unless you find certain things favorable for us in this audit,” we can’t do that audit. We have to withdraw from the engagement. If a company is combative or argumentative with us through the audit, if it puts that undue stress on the auditor to where they can’t be objective, then we have to withdraw from that engagement. I think understanding the nature of audits and understanding how that relationship works is very important to making your audit a successful engagement.

How to Avoid a Never-Ending Audit

There are many decisions that organizations need to consider when choosing an audit firm, like cost, expertise, location, timeline, and audit process. You need to be confident in who’s performing your audit, especially in a clear, accurate audit process. If not, you’re risking a case of the never-ending audit.

The Audit That Never Ends

A never-ending audit is one where you’re revisiting the same tasks time and time again with no end in sight. You’re working diligently on your audit tasks, but you don’t know what stage you’re in. You’re lost in the processes and can’t tell when they will finish. There’s a lack of clarity and understanding, which leaves you wondering what evidence the auditor is looking for or how many tasks are left in your queue. A never-ending audit is not an audit you want to spend valuable time and money on. To avoid a never-ending audit, you need to know your audit firm and its processes well.

Getting to Know Your Audit Firm

How can you put your best foot forward as you begin your audit process? You can start by getting to know your audit firm. It’s important to understand the processes of the audit firm you choose, because a high-quality process produces an accurate and timely audit report. What questions should you be asking when choosing an audit firm?

  • What is their audit process? How does the audit firm conduct an audit? Do they visit your location in an onsite visit or is the audit completed remotely?
  • What are the expectations for your organization? How fast are you expected to complete the tasks? Are you expected to be on weekly calls? Is there an expectation that you will initiate communication or is that left up to the auditor?
  • How will the audit timeline be kept? Are they working on a timeline you have presented? Are you supposed to follow a timely system that has already been developed? How will you be notified of your timeline? Will you be able to see your progress as you move through the audit process?
  • Who will you be working with? What members of a team will be included on calls or in communication with your organization? What qualifications does this auditing team have to conduct an accurate, quality audit for your organization?

Gathering information on their processes is integral in getting to know your audit firm. You have to know how they perform an audit in order to trust them and be confident in their firm. At KirkpatrickPrice, we use the Online Audit Manager to visually provide direction, progress, and clarity during your audit process. You get to know us through our high-quality procedures and practices which provide your organization with a timely, accurate audit report. You won’t have to endure a never-ending audit when you start your audit with KirkpatrickPrice.

Transcript

A common story we hear from clients who have gone through audits with other audit firms is that they think they’re done with their audit, but then the auditor comes back with another spreadsheet or another request for evidence. Now they think they’re done, again, but then, later, the auditor comes back again and says, “Oh, I just need a few more things.” It always feels like the never-ending audit. You don’t have that experience at KirkpatrickPrice because using our Online Audit Manager, you always have a visual understanding of exactly where you are in the audit process. You understand whether or not the auditor has looked at your submission or not. You also understand whether or not the auditor has accepted, meaning they finished looking at it, or whether or not something is pending, meaning that they might have to do something else on that particular item. Regardless, it always tells you exactly where you stand and whether or not to expect something else from your auditor before finally being complete with your audit.

How to Streamline the Audit Process

The audit process can seem daunting, but it doesn’t have to be. When you hire an auditing firm to streamline the audit process, you avoid many of the unknowns that usually plague organizations on their compliance journeys. At KirkpatrickPrice, we use the Online Audit Manager to streamline the audit process and give you the assurance you deserve when completing an audit. What is the Online Audit Manager? How is it different than any other audit process? Whether it’s your very first audit or several that you do annually, the Online Audit Manager can be a game changer.

Changing the Game with the Online Audit Manager

The Online Audit Manager is an audit delivery tool that allows KirkpatrickPrice to streamline the audit process for an organization. This online portal guides you through audit objectives, requirements, and necessary documentation all in one place. Whether your organization has multiple audits or a single audit, the Online Audit Manager allows you to streamline the audit process and combine the necessary compliance requirements into easily managed tasks. With the online portal, you can communicate with the auditor, receive remediation guidance, prepare effectively for your onsite visit, and manage progress in real time. Why would you settle for a complicated, chaotic audit process when you can choose to streamline the audit process?

How does a streamlined audit process help you? Let’s look at four ways using the Online Audit Manager can aid your organization on its compliance journey.

The Benefits of Streamlining Your Audit Process

  1. Know Where You Are in Your Audit: One of the greatest benefits when you streamline your audit process is that your organization knows the exact stage of the audit process that it is in at all times. You don’t need to wonder what is left or if you need to do anything else to fulfill compliance objectives. You can simply log into the Online Audit Manager and check your progress.
  2. Save Time: When you streamline the audit process, you save your organization a great deal of time. What may have taken hours to discuss during an onsite visit can be reduced drastically through the online portal. With a streamlined audit process, your onsite visit can focus on assessing your physical controls and reviewing documentation, as the preliminary data has already been gathered.
  3. Reduce Your Audit Costs: Conducting an audit without the Online Audit Manager leads to wasted time, and with unnecessary time comes unnecessary cost. When you streamline the audit process, your organization reduces the need for extra costs. Quality audits are expensive, but streamlining your audit softens the cost to your organization. Plus, our online portal is a part of our audit cost, so there is no extra charge for using this platform.
  4. Simplify the Audit Process: The most important benefit to your organization is that the Online Audit Manager dramatically simplifies the audit process. Completing an audit is a big deal for an organization and any tool that provides clarity and simplification to the process is a tool your organization should use. The Online Audit Manager is the simplifying tool you have been looking for.

In many aspects of our lives we’re looking for simpler, more efficient ways to get work done. Why is the audit process any different? To get the most out of your compliance journey, your organization needs to streamline the audit process.

Transcript

One of the things that we’ve learned since providing audit services since 2005, is that we’ve turned the audit process on its end. You begin working with us through our Online Audit Manager. You work through a series of questions. You provide evidence. You have weekly calls with your auditor to review those things. Ultimately, you see the progress bar in the Online Audit Manager moving and you understand exactly where you are in the audit process. One of the things that I’ve learned when clients tell us in working with other firms is that they’ve never understood where they were. How much more is left? Is the auditor going to ask for more evidence? Using our Online Audit Manager, you always know exactly what the progress is of whether or not the auditor has reviewed your submission. When you’re waiting for that final step, the completion of your audit and the report, you have visual understanding of exactly where you are. You have the assurance in knowing that an auditor isn’t going to surprise you with some last-minute requests.

Onsite Visits vs. Remote Audits

When you start an audit, you’re looking for a quality experience in a timely manner. One of the biggest aspects of an audit is the onsite visit – but what if an auditing firm that you’re considering working with offers to skip the onsite visit in order to deliver your report faster? What if they say your internal controls don’t require an onsite visit? What if you have an entirely virtual workforce, so you don’t even have a location for an onsite visit? We encourage you to choose quality over convenience when it comes to choosing an auditing firm, and that decision includes onsite visits versus remote audits. What are the differences between these types of audit experiences? Let’s talk through what a 100% remote audit looks like and the value an onsite visit brings to the audit process.

What is a Remote Audit and Why Do They Fall Short?

A remote audit is an assessment conducted entirely online with no face-to-face interaction with an experienced auditor. Audit firms that engage in 100% remote audits use electronic communication to understand an organization’s internal controls. No auditor invading your space, no time wasted during an onsite visit, no money spent on auditor travel expenses…sounds convenient, right? At KirkpatrickPrice, we believe that an onsite visit is a priority and necessity for any audit engagement. There are some things that just can’t be learned or understood over the Internet. Remote audits can only reach so far. Where do remote audits miss the mark?

  • Face-to-Face Contact: How can we accurately depict your organization if we’ve never met your staff in person? How can we get a feel for your company culture if we’ve never set foot in your building? When an auditor issues an opinion, they are putting their name, reputation, and their firm’s reputation on the line – at KirkpatrickPrice, we take that responsibility seriously. On the flip side, why would you trust your organization’s compliance efforts in the hands of a remote auditor who you’ve never met in person?
  • Quality: High quality audits require attention to detail, accuracy in testing, and a thorough check of an organization’s controls. To reach this level of quality, an organization needs to have an auditor on the ground observing procedures, testing controls, and interviewing employees. Remote audits fail to provide these basic aspects of a quality audit.
  • Longevity: Compliance is a journey that your organization should not have to face alone. During an onsite visit, a senior-level auditor is focused on understanding your organization and where you are non-compliant so you can begin remediation. Remote audits don’t allow for a full understanding of compliance because they can’t physically check all of your requirements and don’t add to the longevity of your organization’s compliance.

At KirkpatrickPrice, we do use the Online Audit Manager to complete about 80% of an audit, but the other 20% of our audit process is an onsite visit for testing and verification. To get the most out of the audit process, you need to go through an onsite visit with your auditor.

What Should You Expect During an Onsite Visit?

Why should an onsite visit be included in the audit process? What can you expect when an auditor steps through your doors? How can you prepare for an onsite visit?

At KirkpatrickPrice, we begin the audit process through the Online Audit Manager to help you prepare as much as possible before the onsite visit. You will work with an Audit Support Professional to explain your controls, answer review questions, and send proper documentation to form a foundation for your onsite visit. When an auditor arrives to physically observe, review, and report on your internal controls, you can rest assured that they are focused on performing high-quality testing and understanding your organization better. An auditor will test physical security, organizational processes, personnel procedures, and any other controls that aren’t able to be tested remotely. The detailed onsite visit will leave your organization with the assurance that you received a quality audit and are headed in the right direction towards compliance.

Transcript

When it comes to quality, one of the things that I cannot impress upon our clients enough is the importance of the onsite visit with your auditor. When our company started in 2005, we were actually the originator of the remote audit. We developed a tool called the Online Audit Manager that allowed people to work with us remotely, submit evidence, and prepare for their audit. But we never eliminated the reason for the onsite visit, which was to send one of our qualified, experienced auditors into your environment, get to know you personally, work with you and observe your processes so that we can add value and help you address the risks that you face. We never want to see these audits performed 100% remotely because you would miss that very important aspect of it. Our company recently went down to Kennedy Space Center and one of the things that we saw is how our country has been sending missions to Mars. We have the Mars Rover, for example, on that planet taking evidence and performing a site visit, if you will. Why is NASA making every effort to send humans to Mars? They said it’s because humans can do things that robots can’t do. That’s why at KirkpatrickPrice, we believe that it’s so important to have these expert people come and visit you and work with you, because no one else can take their place.