NorthStar Education Services Receives SOC 2 Type II Attestation

NorthStar Education Services, a student financial aid and payment company, today announced that it has completed its SOC 2 Type II audit, performed by KirkpatrickPrice. This attestation provides evidence that NorthStar Education Services has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that they have the necessary internal controls and processes in place.

SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of NorthStar Education Services’s controls to meet the standards for these criteria.

Taige Thornton, President of NorthStar Education Services, said, “All organizations should ask for SOC reporting from their outsourced service vendors. Whether a vendor can provide a SOC report is a serious risk component that companies need to consider during any vendor due diligence analysis.”

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “NorthStar Education Services delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on NorthStar Education Services’s controls.”

About NorthStar Education Services
NorthStar Education Services is an affiliate of Ascendium Education Group. For 50 years, our focus has been to deliver industry leading tools to support educational accessibility and success through student loan repayment, employee benefit/payment assistance, next generation financial wellness and education loan refinancing programs.

About KirkpatrickPrice

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.

Choosing an Audit Partner that Makes Sure

What does partnership look like when your organization is in the middle of an audit? When you choose a qualified audit firm to help you in your audit process, you are choosing a partner for an important compliance journey. How does the audit firm you choose support you? What practices does it implement that enable you to successfully complete your audit process? In what ways is an audit firm helping you on your compliance journey? Let’s look at the traits you should be considering when choosing a partner for your audit.

Choosing a Partner that Supports Your Organization

There is no denying that audits are difficult, but you can confidently achieve your goals when your organization has a quality partner working alongside you on your compliance journey. What are some qualities you can look for when choosing a partner?

  • A quality audit partner is one that is experienced in the necessary skills and practices regarding security auditing. Audits are complicated and you need a qualified auditor at your side to check your internal controls, security practices, and policies.
  • You’ll want to make sure you’re choosing a partner that doesn’t waste time during an audit. Working with a timely audit firm that stays true to the timeline developed at the start of the audit is important for an organization looking to complete tasks in their compliance journey on an efficient schedule.
  • Proper communication is important to creating a system of support and partnership. In order to communicate effectively, the audit partner your organization chooses should have a quality audit team that stays in contact with your organization through every step of your compliance journey.
  • The audit process needs to be streamlined to gather data and evidence and properly examine your organization’s controls. At KirkpatrickPrice, the Online Audit Manager enables us to partner with organizations before an onsite visit to make the audit process as smooth as possible.
  • Choosing a partner that fits your organization should be reliant upon your ability to trust that the audit firm is independent and qualified. To perform a PCI audit, the firm must have personnel with QSA and PCIP certifications. Only CPAs can perform SOC 1 and SOC 2 audits. To perform a HITRUST CSF assessment, the auditor must be a CCSFP at an authorized assessor firm.

Why KirkpatrickPrice is the Audit Partner for You

KirkpatrickPrice is an audit firm whose goal is to give the support and guidance your organization needs to embark on a successful compliance journey. You don’t have to settle for choosing a partner that conducts an audit and leaves you with unanswered questions and compliance worries. Instead, you can start and end an audit with a firm that wants to see you defeat the most challenging compliance requirements you face. Make sure you’re choosing a partner that will be by your side throughout your compliance journey. Contact KirkpatrickPrice to be supported by the partner your organization deserves to have on its compliance journey.


One of the things that we say here are KirkpatrickPrice is that we partner with our clients to help them achieve challenging compliance goals. When you’re going through an audit, it’s very difficult. When you want to comply with a variety of standards that are out there, it’s a very challenging thing to take on. Everybody wants a good partner at their side – somebody behind them providing coaching and guidance, supporting you through your goals. We want to be that type of partner for you. The spirit that we take on is from the first Kirkpatrick on record. His name was Roger Kirkpatrick – first cousins with William Wallace, loyal to Robert the Bruce. Robert the Bruce had a rival and Kirkpatrick was there to support him and fight along his side in order to defeat the rival. We take on that same spirit here in the way that we partner with you. We want to see you defeat the hacker, defeat those challenging compliance requirements that are coming at you from every angle. We will make sure that we are a great partner to you in your challenging compliance goals.

Can an Auditor Withdraw from an Audit?

When you choose an audit firm to start the audit process, you’re choosing a partner. You want an auditor who is highly experienced, can communicate well, and knows how to support your organization on its compliance journey. Once you find an audit firm that meets your expectations, your organization will need to continue building a good relationship with your auditor throughout the audit process. It doesn’t stop at signing a contract, and it’s a two-way street. What actions or behaviors could negatively impact your relationship with your auditor? When does an auditor have the right to withdraw from an audit?

Finding the Right Auditor

What should you be looking for in an auditor? How do you know you’ve picked an audit firm that will support and educate you during the audit process? How you can you make sure you’re not giving an auditor the opportunity to withdraw from an audit? Although audits are difficult, you don’t have to tackle compliance requirements alone. Finding the right auditor for your organization starts with an evaluation of your organization’s timeline expectations, communication goals, and auditing needs. Once you know where you stand, you are able to find an auditor that can support you.

The quality of work you receive when you’re handed a compliance report is directly related to the availability, qualifications, and skill of the Information Security Specialist you work with. At KirkpatrickPrice, our audit team is made up of qualified, experienced auditors. You don’t want to choose a firm that sends a junior-level auditor to check your internal controls, test your physical security, and walk through your processes. You deserve to have a senior-level auditor working alongside you during the audit process. These experienced auditors focus on the goal of independence and support so that there isn’t pressure to withdraw from an audit.

Building a Relationship with your Auditor

Once you choose an audit firm, what is your organization doing to foster a positive partnership with your auditor? Even after an audit process is completed, a healthy relationship with an auditor means continued support and education in your compliance efforts. To make sure you have built a strong relationship with your auditor, you can review our Six Signs that You’re in a Good Relationship with Your Auditing Firm. Following these signs of a good auditor will help point you in the direction of meeting your long-term compliance goals and avoid the possibility of an auditor needing to withdraw from an audit.

The key to maintaining a good relationship with your auditor is recognizing the audit firm’s requirement for independence. Auditors can withdraw from an audit if the rules of independence are broken during the audit process. If an auditor feels as though something has happened to where they cannot be objective, they have the right to withdraw from the audit. To make sure your organization doesn’t cross those boundaries, you can focus on respecting the auditor’s independence throughout the audit process. You can trust that your audit is in good hands when you choose an auditor with the integrity to remain independent.

Fostering a good relationship with your auditor puts you on the right path towards compliance and encourages a support system for your audit process. Start your journey with an independent audit firm that meets your needs and avoid any problems that might require an Information Security Specialist to withdraw from an audit. Contact KirkpatrickPrice, today.


Did you know that an auditor can actually withdraw from your engagement? There are certain rules that we must follow that require us to withdraw if certain circumstances are met. For example, we have to maintain independence at all times. If something happens that comprises that independence, we have to withdraw from your engagement. If a company puts undue pressure on us and they say, “We’re not going to give you that next contract unless you find certain things favorable for us in this audit,” we can’t do that audit. We have to withdraw from the engagement. If a company is combative or argumentative with us through the audit, if it puts that undue stress on the auditor to where they can’t be objective, then we have to withdraw from that engagement. I think understanding the nature of audits and understanding how that relationship works is very important to making your audit a successful engagement.

How to Avoid a Never-Ending Audit

There are many decisions that organizations need to consider when choosing an audit firm, like cost, expertise, location, timeline, and audit process. You need to be confident in who’s performing your audit, especially in a clear, accurate audit process. If not, you’re risking a case of the never-ending audit.

The Audit That Never Ends

A never-ending audit is one where you’re revisiting the same tasks time and time again with no end in sight. You’re working diligently on your audit tasks, but you don’t know what stage you’re in. You’re lost in the processes and can’t see an end in sight. There’s a lack clarity and understanding which leaves you wondering what evidence the auditor is looking for or how many tasks are left in your queue. A never-ending audit is not an audit you want to spend valuable time and money on. To avoid a never-ending audit, you need to know your audit firm and its processes well.

Getting to Know Your Audit Firm

How can you put your best foot forward as you begin your audit process? You can start by getting to know your audit firm. It’s important to understand the processes of the audit firm you choose, because a high-quality process produces an accurate and timely audit report. What questions should you be asking when choosing an audit firm?

  • What is their audit process? How does the audit firm conduct an audit? Do they visit your location in an onsite visit or is the audit completed remotely?
  • What are the expectations for your organization? How fast are you expected to complete the tasks? Are you expected to be on weekly calls? Is there an expectation that you will initiate communication or is that left up to the auditor?
  • How will the audit timeline be kept? Are they working on a timeline you have presented? Are you supposed to follow a timely system that has already been developed? How will you be notified of your timeline? Will you be able to see your progress as you move through the audit process?
  • Who will you be working with? What members of a team will be included on calls or in communication with your organization? What qualifications does this auditing team have to conduct an accurate, quality audit for your organization?

Gathering information on their processes is integral in getting to know your audit firm. You have to know how they perform an audit in order to trust them and be confident in their firm. At KirkpatrickPrice, we use the Online Audit Manager to visually provide direction, progress, and clarity during your audit process. You get to know us through our high-quality procedures and practices which provide your organization with a timely, accurate audit report. You won’t have to endure a never-ending audit when you start your audit with KirkpatrickPrice.


A common story we hear from clients who have gone through audits with other audit firms is that they think they’re done with their audit, but then the auditor comes back with another spreadsheet or another request for evidence. Now they think they’re done, again, but then, later, the auditor comes back again and says, “Oh, I just need a few more things.” It always feels like the never-ending audit. You don’t have that experience at KirkpatrickPrice because using our Online Audit Manager, you always have a visual understanding of exactly where you are in the audit process. You understand whether or not the auditor has looked at your submission or not. You also understand whether or not the auditor has accepted, meaning they finished looking at it, or whether or not something is pending, meaning that they might have to do something else on that particular item. Regardless, it always tells you exactly where you stand and whether or not to expect something else from your auditor before finally being complete with your audit.

How to Streamline the Audit Process

The audit process can seem daunting, but it doesn’t have to be. When you hire an auditing firm to streamline the audit process, you avoid many of the unknowns that usually plague organizations on their compliance journeys. At KirkpatrickPrice, we use the Online Audit Manager to streamline the audit process and give you the assurance you deserve when completing an audit. What is the Online Audit Manager? How is it different than any other audit process? Whether it’s your very first audit or several that you do annually, the Online Audit Manager can be a game changer.

Changing the Game with the Online Audit Manager

The Online Audit Manager is an audit delivery tool that allows KirkpatrickPrice to streamline the audit process for an organization. This online portal guides you through audit objectives, requirements, and necessary documentation all in one place. Whether your organization has multiple audits or a single audit, the Online Audit Manager allows you to streamline the audit process and combine the necessary compliance requirements into easily managed tasks. With the online portal, you can communicate with the auditor, receive remediation guidance, prepare effectively for your onsite visit, and manage progress in real time. Why would you settle for a complicated, chaotic audit process when you can choose to streamline the audit process?

How does a streamlined audit process help you? Let’s look at four ways using the Online Audit Manager can aid your organization on its compliance journey.

The Benefits of Streamlining Your Audit Process

  1. Know Where You Are in Your Audit: One of the greatest benefits when you streamline your audit process is that your organization knows the exact stage of the audit process that it is in at all times. You don’t need to wonder what is left or if you need to do anything else to fulfill compliance objectives. You can simply log into the Online Audit Manager and check your progress.
  2. Save Time: When you streamline the audit process, you save your organization a great deal of time. What may have taken hours to discuss during an onsite visit, can be reduced drastically through the online portal. With a streamlined audit process, your onsite visit can focus on assessing your physical controls and reviewing documentation as the preliminary data has already been gathered.
  3. Reduce Your Audit Costs: Conducting an audit without the Online Audit Manager leads to wasted time, and with unnecessary time comes unnecessary cost. When you streamline the audit process, your organization reduces the need for extra costs. Quality audits are expensive, but streamlining your audit softens the cost to your organization. Plus, our online portal is a part of our audit cost, so there is no extra charge for using this platform.
  4. Simplify the Audit Process: The most important benefit to your organization is that the Online Audit Manager dramatically simplifies the audit process. Completing an audit is a big deal for an organization and any tool that provides clarity and simplification to the process is a tool your organization should use. The Online Audit Manager is the simplifying tool you have been looking for.

In many aspects of our lives we’re looking for simpler, more efficient ways to get work done. Why is the audit process any different? To get the most of out of your compliance journey, your organization needs to streamline the audit process.


One of the things that we’ve learned since providing audit services since 2005, is that we’ve turned the audit process on its end. You begin working with us through our Online Audit Manager. You work through a series of questions. You provide evidence. You have weekly calls with your auditor to review those things. Ultimately, you see the progress bar in the Online Audit Manager moving and you understand exactly where you are in the audit process. One of the things that I’ve learned when clients tell us in working with other firms is that they’ve never understood where they were. How much more is left? Is the auditor going to ask for more evidence? Using our Online Audit Manager, you always know exactly what the progress is of whether or not the auditor has reviewed your submission. When you’re waiting for that final step, the completion of your audit and the report, you have visual understanding of exactly where you are. You have the assurance in knowing that an auditor isn’t going to surprise you with some last-minute requests.