Can you provide tips on what to look for in an auditing firm?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Choosing an auditor is a serious commitment on behalf of an organization. You're likely making a long-term decision and choosing a company that will contribute significantly to the success of your business over time. Here are a few tips to help you in that selection process:
- Name recognition matters. There's a reason that the Big Four audit firms (PwC, Deloitte, Ernst & Young and KPMG) have been so successful -- they're the recognized gold standard for auditing. If you select one of these firms, you won't have to explain your choice to anyone. If you choose to go with a less-recognized (and less-expensive) auditor, you run the risk that others will view your audit report with just a bit more skepticism than if it came from one of the Big Four.
- Pricing is negotiable. Like any business service, the fees you pay your auditor are not cast in stone. You should treat it like any other contract and negotiate a fee that is fair and reasonable to both you and the auditing firm.
- Experience counts. Try to find an audit firm that has specific experience in your industry. There's a reason that most businesses tend to use the same auditor year after year -- it's simply easier (and therefore less expensive) for a firm to audit a company that they already know in an industry that they're familiar with.
- Know who will be working on your account. When you're in the sales stage, expect to have conversations with senior partners in the auditing firm. You can generally expect, however, that these people will quickly disappear when there's work to be done. When interviewing auditors, ask to meet the staff who will actually be working with you and the rest of your staff.
Take the time to select an auditor that not only suits your budget and experience, but also that you'll be comfortable working with for many years to come. After all, it's always more pleasant when you're sitting across the table from people you enjoy.
Dig Deeper on IT Security Audits
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.