Comment

Understanding the Difference Between a Control and a Procedure

As a company preparing to undergo a SOC audit for the first time, one of the most confusing and time consuming aspects of the process can be determining controls in place to be tested. While your auditors will be available to help walk you through this process, having a good understanding of how to make the determination between your companies procedures and what can be considered a control can make the planning to testing stages of the audit go much smoother. Many times procedures are mistaken for controls early in the planning process and this misunderstanding often ends up impacting the time frame established for testing in a negative way. When determining whether or not a policy or procedure can be considered a control, ask yourself if you can answer what, who, when and how about the procedure in place. 

  •  What does this procedure do to ensure the operating effectiveness of the company? Does it help prevent fraud or ensure a segregation of duties; does it help ensure transactions are processed timely or that data is entered accurately?
  • Who is responsible for the process? Is there a hard stop in the system that prevents a certain action from taking place or is there a secondary review in place to verify information has been captured correctly? When does this procedure take place?
  • What is the frequency of the review or are there systematic flags in place to alert personnel of upcoming deadlines?
  • How can the procedure be tested? Are there configuration settings or documented reviews that can be provided as evidence?

When creating the controls for your organization, keep in mind that evidence is proof. You want to make sure that you can provide evidence for any control you’ve identified. If there is a reconciliation process or a secondary review of a file, it’s not enough to simply say it happens. In order to consider that process a control, it should be documented and that documentation can be supplied as evidence to your auditors. It can become difficult to support a control is operating effectively if there is no evidence to be supplied because the control is really just a procedure. If you ask yourself the four questions above, you can ensure the controls identified are in fact controls, better educate your auditors on the types of evidence you can provide and be on your way to a successful and smoothly executed audit.

Contact us with any questions that you have regarding controls or procedures. 

Comment

Comment

Solving the Mystery of Misrepresented SOC Reports - Part 1

In our latest blog series, the Auditwerx team discusses how to determine if you've received a misrepresented SOC report and how to find the right partner for your audit needs. To help increase your chances of detecting a counterfeit, user organizations and auditors should know the following:

  • Why a service organization might use a misleading report
  • Why the logic behind this practice is unsound, and
  • What steps they can take to spot an “imposter.”

Learn more about misrepresented SOC reports and how to address them here.

Comment

Comment

AUDITWERX TO EXHIBIT AT THE 2016 NATIONAL INSTITUTE OF PENSION ADMINISTRATORS ANNUAL FORUM & EXPO (2016NAFE)

Auditwerx will be an exhibitor at the upcoming National Institute of Pension Administrators (NIPA) Annual Forum & Expo (NAFE). The conference will take place at The Cosmopolitan of Las Vegas from May 1st through 4th. The Auditwerx team will be located at booth 301.

NIPA offers more than 60 educational sessions to choose from offering 4 different educational tracks; Business Topics, Defined Contribution, Defined Benefit & Specialty Topics. In addition to the dynamic line-up of engaging speakers, the conference offers over 20 hours of networking opportunities during the three day event.

About NIPA
The National Institute of Pension Administrators (NIPA) is a national association representing the retirement and employee benefit plan administration profession. It was founded with the idea of bringing together professional benefit administrators and other interested parties to encourage greater dialogue, cooperation and educational opportunities. NIPA’s goal is to improve the quality and efficiency of plan administration. NIPA fosters the highest standard of ethical and professional conduct by providing self-improvement outlets to all members and interested parties. NIPA offers two main educational programs each year: the executive-focused Business Management Conference and the all-level Annual Conference. The association sponsors two professional designation programs: the Accredited Pension 2 Administrator (APA) and the Accredited Pension Representative (APR). To supplement its educational programming, NIPA promotes local chapters and publishes a quarterly newsletter. For more information, visit www.nipa.org.

Comment

Comment

AUDITWERX TO EXHIBIT AT THE FICPA HEALTH CARE INDUSTRY CONFERENCE

Auditwerx will be an exhibitor at the upcoming Florida Institute of Certified Public Accountants (FICPA) Health Care Industry Conference. The conference will take place at Disney's Coronado Springs Resort in Lake Buena Vista, Florida on April 28th and 29th. Please stop by our booth and say, "Hello"!

The conference is designed to give health care professionals insight and understanding of the trends in the ever changing, complex business environment of the industry and also provide an update on regulations that they are trusted to navigate.

Auditwerx helps our health care clients by performing SOC 2 attestations that focus on the privacy principle, ensuring that there are implemented policies and procedures for the security of personally identifiable information. For more information, contact us today! 

Comment