Auditing Basics: Auditor’s Test of Controls

by Joseph Kirkpatrick / April 5, 2023

How Do Auditors Perform Tests of Controls? In order for an audit firm to be able to provide reasonable assurance and issue an opinion on an organization’s compliance with SOC 1 or SOC 2 audits, they have to test the internal controls that each organization has in place and verify that they are working as intended. To do this, auditors typically perform three types of tests of controls: interviews, reviews,…

Auditing Basics: Audit Risk, Control Risk, and Detection Risk

by Joseph Kirkpatrick / February 15, 2023

What Types of Risk Impact SOC 1 and SOC 2 Audits? SOC 1 and SOC 2 audits are largely impacted by various types of risk. During a SOC 1 and SOC 2 audit, an auditor will be focused on limiting the following types of risk: audit risk, control risk, and detection risk. So, how are those risks different? How to they affect an auditor while performing SOC 1 or SOC…

Auditing Basics: Carve-Out vs. Inclusive Vendors

by Joseph Kirkpatrick / February 15, 2023

During the initial scoping phases of an organization’s audit engagement, your auditor will partner with you to help you narrow down the third-party vendors to be included in your engagement. In order to ensure that your organization’s security posture is and remains strong, you need to consider the impact that the third-party vendors you’ve entrusted sensitive data with could have on your organization. This means that you’ll need to be…

Auditing Basics: What is a Gap Analysis?

by Joseph Kirkpatrick / February 15, 2023

Do You Need a Gap Analysis? If it’s your first time pursuing compliance for any framework - whether it’s SOC 1, SOC 2, PCI DSS, HIPAA, GDPR, etc. – we strongly recommend beginning your engagement with a gap analysis. At KirkpatrickPrice, we’re committed to helping our clients get the most out of their audit, which means that we don’t want you to fail due to lack of preparation. That’s why…

Auditing Basics: What are Control Objectives?

by Joseph Kirkpatrick / February 15, 2023

What are Control Objectives? Control objectives are statements that address how risk is going to be effectively managed by an organization, and your auditor will be validating whether or not your organization meets these control objectives during a SOC 1 audit. The AICPA requires that the description of the service organization's systems includes specific control objectives and controls designed to achieve those objectives, and control objectives are typically presented in…