What is an Independent Opinion in Auditing?

by Joseph Kirkpatrick / August 2nd, 2019

In order for an audit to comply with regulations, it must be conducted by an auditor with an independent opinion. What is an independent opinion? It’s an auditor’s unbiased, objective stance towards an organization which leads to an accurate, credible report on an organization’s security and compliance. Any type of information security audit needs to have an independent auditor, but especially in the case of a CPA performing SOC 1 and SOC 2 audits. As a CPA firm, KirkpatrickPrice does not conduct audits for organizations if there are established financial ties, familial relationships, or in any situation where the auditor could not claim complete independence from the organization.

Maintaining independence allows an auditor to gather necessary data without any outside influence on their opinion. An auditor can then maximize the clarity in their report which, in turn, provides your organization with the most precise and true opinion on your controls.

Choosing an Independent Auditor

How does your organization choose an independent auditor that fits your needs? You need an auditor with the high-quality credentials that fit you best. For a SOC 1 or SOC 2 audit, you need to specifically choose a CPA firm that implements practices that ensure independence in every step of the audit. At KirkpatrickPrice, we have auditors with qualifications that ensure their independent opinion. These practices and qualifications include:

  • Annual Independence Check: Once a year, KirkpatrickPrice auditors must confirm their independence towards clients of the company. They review a client list and register whether or not they have any previous ties to the organization. The practice of a yearly independence check confirms an auditor is performing a completely independent audit.
  • Certification: Our senior-level Information Security Specialists hold various high-quality certifications which keep them updated on top practices in the security industry. The expertise founded in certifications such as CompTIA, SANS, ISACA, project management, and Microsoft certifications. These certifications confirm the skills and proficiencies KirkpatrickPrice auditors have to form a qualified independent opinion of your organization.
  • Experience: Auditors at KirkpatrickPrice have an average of 17 years of experience. Our focus on hiring senior-level auditors proves itself valuable in every audit. The years of experience behind each Information Security Specialist gives your organization the assurance needed to trust their independent opinion.

Independence is Key

While there may be many difficult decisions an organization has to make when preparing for an audit, choosing a CPA firm with an independent perspective shouldn’t be one of those. The focus on a wholly independent opinion in an audit is important to the accuracy and validity of the work we perform at KirkpatrickPrice. Independence is one of the building blocks all qualified assessors must maintain. Make sure you finish your audit knowing you chose a certified, reliable firm with independent auditors to conduct your assessment.

The reason you hire a CPA firm to conduct your audit is because an audit should be done from an independent perspective. A Certified Public Accountant is statutorily required to maintain independence in audits. We can’t audit our brother’s company. We can’t audit a company that we have invested in and therefore have some financial incentive in the results of that audit. We have to maintain independence in form, fact, and appearance. This is something very important to understand as you choose your audit firm and as you interact with the auditor who’s working on your audit. We have to have access to the information that we need access to. We have to be able to talk to the people who have an understanding of your controls and your compliance initiatives. The reason this is so important is because when you get that final written report on your audit, it has to be from an authorized and credible resource who has maintained independence throughout.

About the Author

Joseph Kirkpatrick

Joseph Kirkpatrick is the Managing Partner at KirkpatrickPrice and holds the CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, IT governance, and regulatory compliance. He enjoys helping our clients and stakeholders by navigating them through the complex maze of compliance and regulatory requirements.