turning audit into an advantage


This section of this website as a guide for those service organizations that provide technology solutions to regulated industries such as finance, health, or government, and who need to undertake a SOC-2 audit.

Anyone familiar with the standard way that many large financial institutions handled SOX probably dread the word 'audit'. They likely associate it mindlessly repetitive and seemingly pointless work involving lots of paper trails.

Happily, it doesn't have to be that way. As I rather breathlessly point out in "Why undertake an audit", I believe that there are real benefits to be had. And I believe that the key to the whole thing lies in promoting the undertaking not in dull terms like "the auditor says we must..." or "the clients have told us to..." but rather in terms of a process improvement undertaking with:

Here, I'm talking about:

  1. obtain successive clean third-party assurance audits
  2. becoming more responsive and becoming even more focused on the client
  3. and in turn ensuring its own profitability.

With all of that said, let's look at what is involved with a SOC-2 audit.

what it takes to pass a SOC-2 audit


What's the scope on a SOC-2 audit for a technology service organization?


©2019-2022  michael werneburg.  michael@werneburg.ca