Auditing Basics: What is a Gap Analysis?

by Joseph Kirkpatrick / May 10th, 2019

Do You Need a Gap Analysis?

If it’s your first time pursuing compliance for any framework – whether it’s SOC 1, SOC 2, PCI DSS, HIPAA, GDPR, etc. – we strongly recommend beginning your engagement with a gap analysis. At KirkpatrickPrice, we’re committed to helping our clients get the most out of their audit, which means that we don’t want you to fail due to lack of preparation. That’s why our gap analysis service is specifically designed to help you prepare for the audit so that you can meet your compliance goals. How does the gap analysis process work? Organizations are partnered with an Information Security Specialist and an Audit Support Professional, who identify any operational, reporting, and compliance gaps and then offer advice on strategies for remediation. Ultimately, gap analyses ask and answer, “How are we doing compared to what regulations require?”

Do You Need a Remote or Onsite Gap Analysis?

Many of our clients ask us whether they should do a remote or onsite gap analysis, and the answer really boils down to how prepared you want to be. Many organizations believe that remote gap analyses are the most convenient option: they simply upload documentation and evidence into our Online Audit Manager for review and attend conference calls with one of our Information Security Specialists over a two- to three-week period. For organizations that opt for an onsite gap analysis, it is typically a much more intensive experience. An auditor will come on site over a three- to five-day period to review documentation and evidence and interview personnel. Whether an organization decides to undergo a remote or onsite gap analysis, it will leave with a better understanding of how to remedy vulnerabilities found, a timeline and strategies for doing so, and resources to guide it along its remediation journey.

If it’s your first time going through an audit of a specific framework, let us be your guide. Contact us today for more information on the value of gap analysis and what KirkpatrickPrice’s process is.

We commonly receive inquiries about how to get started with an audit. People are worried that they aren’t ready for the audit, and the question is always along the lines of “What can we do to prepare? What are the ‘gotcha’ areas that we need to be concerned with?” One of the ways that we love to help our clients with this is with a service called a gap analysis. One of our senior, expert-level auditors will be assigned to you and will perform either a remote or in-person gap analysis. We walk through the requirements of the audit, and we help you identify any gaps in your policies, your procedures, your controls, or anything you need to do to quickly address any gaps you have in compliance for the particular audit framework that you’re seeking to comply with. We can perform a gap analysis anywhere in the world. We travel overseas and we perform things remotely in a virtual manner in order to help you understand what you need to do as quickly as possible and get you on the road to completing your audit.