July 28, 2020
Automation for SOC 2 Reports Saves Time and Reduces Errors
Posted by Liam Collins
SOC 2 Reports are no longer a nice certification to have, it’s essential in today’s market. Customers and partners count on this industry standard to demonstrate trust and security. With the digital ubiquity of highly sensitive data and transactions and the constant threat of hackers, assurance of safety is paramount.
The SOC 2 audit process, however, traditionally has been inefficient and time-consuming. While an expert SOC audit team can help guide businesses along the journey toward certification, evidence collection must occur independently to ensure there is no conflict of interest between the controls being tested and the auditors.
Typically, CIOs and CFOs spend months and thousands of dollars collecting evidence of controls and getting policies written to meet compliance standards. It’s a long and expensive process, fraught with risk of errors and slowdowns. Often evidence was never properly recorded, misplaced or requires time-consuming searches. This is lost time that prevents companies from serving customers or signing partnership agreements.
An Automated Solution
Our SOC team at Armanino has been exploring innovative ways to help companies speed up the SOC 2 audit process so they can get their certification and get back to business. Enter Tugboat Logic, a company that offers a fully automated evidence collection solution suite.
By using an automation solution like Tugboat Logic, businesses can utilize a fully guided readiness dashboard that monitors controls in real time and provides policy and procedures generation to save time and reduce human errors. Users need to do nothing more than answer a series of guided questions.
We’re already seeing results, with clients often cutting their readiness preparation time by up to two-thirds. Automation also reduces the work hours of the overall audit process by up to 50%.
Another advantage of automation is its ability to repurpose evidence for other certification audits. Instead of starting from scratch, evidence collected by an automated platform is already recorded and trusted – meaning it can be used for other industry privacy and security standards, including the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), Payment Card Industry Data Security Standard (PCI DSS), ISO 27001 and more.
The time, money and energy saved through automation speaks for itself. With multiple certifications now necessary to do business, it’s critical that companies utilize an evidence collection system that records everything from privacy permissions to transaction controls to efficiently prepare for an audit with information updated in real time.
Armanino is leveraging Tugboat Logic technology to provide a seamless audit and compliance certification process. We invite you to join this roundtable discussion on July 29, with leaders to examine ways to accelerate your audit to sustain your adherence status and prove your compliance to customers.
We’ve worked with thousands of clients to audit and assure their controls, and we’re committed to helping business leaders succeed with industry-standard certifications. For more information on how you can meet and exceed the demands of the modern market, contact our Risk Assurance and Advisory team.
Liam leads Armanino’s service organization control (SOC) practice, which provides third party assurance services. He has more than 15 years of SOC experience in both the audit and consulting practice areas, including 10 years with Big Four firms.
Before joining Armanino, he served as a managing director at KPMG, where he was engagement partner on a number of assurance projects. He has also held audit, assurance, finance and IT leadership roles at PricewaterhouseCoopers, ControlMetric, Clare Chapman and Prodapt.
Liam received a BS in accounting from Golden Gate University, a JD from the University of San Francisco School of Law and an MBA from the University of Pennsylvania’s Wharton School. He is a member of the American Institute of CPAs and ISACA.