Questions? We Have Answers!

Below we’ve answered many common questions on audit preparation, virtual CISO services, and how we engage with clients. 


Frequently Asked Questions

Who within a company does Audit Liaison work with?

We are hired by a combination of the CTO, CIO, CSO, or Director of IT and the CEO, COO or CFO. For compliance clients (PCI, HIPAA, SOC 1 or 2, and SOX), existing customers or RFPs will begin demanding that our client obtain an independent audit report. For clients where we either create or support their existing Information Security function, we are usually hired at the C-level. In either case, Audit Liaison personnel primarily work with the clients’ IT personnel as we collaborate and implement processes and controls.

What size companies do you work with?

Our clients range in size from a few million in revenue up to $100 million in revenue. Our experienced staff enables us to work with clients in all stages of growth.

How does working with an outside consultant firm like yours benefit my business?

Primarily because we provide additional resources and expertise that most companies cannot afford. Audit Liaison was created to fill the vast void that existed for small to medium-sized businesses that first needed compliance-effort support, a need that quickly grew into continuous information security support. Most of our staff started in one of the international accounting and/or consulting firms, then moved into private enterprises after years of audit and consulting experience across a variety of industries.

We don't have financial resources to spare. How can you help us without killing our budget?

The international audit and consulting firms of the world are, frankly, too expensive for rapidly growing companies and companies that aren’t growing but want to enhance their internal control environment and information security. We know this for a fact because we worked in those firms. Audit Liaison has tailored and implemented proven internal control and information security frameworks into a variety of enterprises across every industry. With that expertise, we have created a rate structure that is well below the large firms, and customized packages that substantially enhance small to medium size entities’ information security and internal controls.

Who needs your services?

Businesses concerned about their existing internal controls over system resources, data and financial reporting. It is difficult to convey the unique value of having individuals with both independent auditing experience as well as industry experience as the audited party.

We already have a Chief Security Officer and a CFO. What would you do for us in that case?

Great! Many of our clients do. Already having the CSO in place reduces the amount of time you’ll need from our personnel. Regardless, we always collaborate with your team to determine where Audit Liaison can provide the most value. The question we collectively answer is: what expertise can Audit Liaison bring to the table for a project or on an as-needed basis that we don’t have in-house?

We already have an Internal Audit department. How would you work together?

Great! Many of our clients do. Already having an Internal Audit function in place reduces the amount of time you’ll need from our personnel. Regardless, we always collaborate with your team to determine where Audit Liaison can provide the most value. The question we collectively answer is: what expertise can Audit Liaison bring to the table for a project or on an as-needed basis that we don’t have in-house?

My business does not have an Internal Audit department currently. Can Audit Liaison take on this role?

Yes, we can. Audit Liaison creates risk-based internal audit functions that address both financial reporting and information security risks and controls. The Audit Liaison staff are all experienced auditors; therefore, they gain instant credibility within a client’s organization. Finally, Audit Liaison personnel will work with your existing or newly hired audit personnel to guide and enhance their audit skills.

How quickly can we engage you?

In nearly every case, we’ve been able to accommodate new clients within 2 to 4 weeks. Our business model is built on providing interim support to clients. Therefore, our staff are rarely booked on clients for extended periods. We intentionally space our work out to allow client personnel to not get too far behind in their day-to-day responsibilities.

Our customers used to want a SAS 70 audit and now they want a SOC 2 (or SOC 1) audit. Why did their request change and how does the SOC audit differ from the SAS 70 audit?

Your customers’ requests have changed because the compliance standards themselves changed, with the SOC 1 and SOC 2 superseding the SAS 70 standard. In our view, the primary reasons that the SAS 70 was superseded are twofold: (1) the AICPA wanted Management to explicitly assert as to the design and operating effectiveness of its internal control environment, and (2) the auditor would have to opine not only on the specific controls as defined by Management but also on the suitability of the criteria (measurement) used by Management to make its assertion. As a result, the control requirements for SOC 1 and SOC 2 compliance now more closely mirror the other compliance standards in their comprehensiveness.

We have a large RFP that requires a PCI (or HIPAA/SOC 1/SOC 2, etc.) audit. What is a reasonable time period to give ourselves and have a successful audit result?

It’s an excellent question and the one we get most often. Each of the compliance standards has specific requirements. The SOC 1 and SOC 2 requirements are still largely determined by the entity; however, as noted above, the controls must be comprehensive enough that an independent auditor can positively opine on the overall internal control framework design and effectiveness.

In our experience, PCI and ISO 27001 preparation require more time than the other standards. As a rough estimate, we can generally assist a Company to be ready for the point-in-time audits in 3 to 6 months. The period-of-time audits, such as SOC 1 and SOC 2 – Type 2 audits, require operating effectiveness of controls over an extended period of time (generally 6 months). Our 3 to 6-month timeframe still applies, but then you will have the additional period in which the internal controls must be operating continuously.

 

What kinds of companies are at risk for fraud?

Unfortunately, every company is at risk for financial fraud and confidential data exfiltration. As we note in our Security Awareness training sessions with company personnel, external threats are now just as prevalent and nearly as financially damaging as insiders committing fraud have traditionally been.

How do I identify fraud activity within my organization?

A strong internal control structure that is monitored by management certainly helps. Audit Liaison provides management with the tools they need to reduce fraud risk on their own, or alternatively, we are engaged to investigate potential frauds. With regard to leakage of confidential data, again, robust information security controls are extremely helpful. Likewise, the implementation of additional monitoring tools and risk-transference and mitigation strategies is very helpful to both prevent and reduce financial exposure if fraud occurs.

Why do companies hire a virtual CISO?


We need to achieve [specific requirement] - does it make more sense to hire a vCISO or should we hire a consultant for certification?


What does a typical vCISO engagement look like?


What are some specific examples of how a vCISO benefits our business?


Why should I hire a virtual CISO rather than a full-time CISO?


Have a question we didn't answer?

We’re happy to answer any and all questions. Just reach out today!

The Audit Liaison Difference

Our goals are simple: to create solutions that make it easy on our customers. We know that audits and compliance can seem daunting. We know it’s not easy. Or simple. But we’ve been working with companies like yours for years, ensuring that we can make it as seamless and simple for you and your team as possible.

Proven Expertise

Audit Liaison has provided information security and compliance guidance and audit support to corporations in need of effective, timely solutions. With expertise in both finance and technology, we are able to quickly assess and understand your needs, and create a solution while working hand-in-hand with your team to ensure an easy, results-driven process.

Team-Based Approach

We take the notion of teamwork seriously. Not only internally, where we work together to form teams that will best serve our clients, but also externally. We see ourselves as a part of our clients’ team, providing as much - or little - support as needed. Most importantly, our clients view us as an extension of their own team whether we support them for a single project or throughout the year.

Timely. Affordable. Experienced.

Audit Liaison has the know-how and team to seamlessly conduct audit preparation and guide your compliance needs now and into the future. Competitively priced for the small and medium business.
