Can you provide tips on what to look for in an auditing firm?
Choosing an auditor is a serious commitment on behalf of an organization. You're likely making a long-term decision and choosing a company that will contribute significantly to the success of your business over time. Here are a few tips to help you in that selection process:
- Name recognition matters. There's a reason that the Big Four audit firms (PwC, Deloitte, Ernst & Young and KPMG) have been so successful -- they're the recognized gold standard for auditing. If you select one of these firms, you won't have to explain your choice to anyone. If you choose to go with a less-recognized (and less-expensive) auditor, you run the risk that others will view your audit report with just a bit more skepticism than if it came from one of the Big Four.
- Pricing is negotiable. Like any business service, the fees you pay your auditor are not cast in stone. You should treat it like any other contract and negotiate a fee that is fair and reasonable to both you and the auditing firm.
- Experience counts. Try to find an audit firm that has specific experience in your industry. There's a reason that most businesses tend to use the same auditor year after year -- it's simply easier (and therefore less expensive) for a firm to audit a company that they already know in an industry that they're familiar with.
- Know who will be working on your account. When you're in the sales stage, expect to have conversations with senior partners in the auditing firm. You can generally expect, however, that these people will quickly disappear when there's work to be done. When interviewing auditors, ask to meet the staff who will actually be working with you and the rest of your staff.
Take the time to select an auditor that not only suits your budget and experience, but is also one you'll be comfortable working with for many years to come. After all, it's always more pleasant when you're sitting across the table from people you enjoy.