Sponsors

I help CPA firms and organizations better understand SOC 2 and other compliance-based IT audits and what it takes to successfully navigate them as well as how SOC relates to other frameworks such as ISO, NIST 800-53, CSA STAR, C5, etc.  In addition, I am a CPA with over 20 years of public accounting and auditing, as well as CFO experience, so I understand what IT and GRC means financially to organizations.

Services offered:

• Training, teaching, coaching 
• Control review (making sure language is good, enough or too much for criteria, etc.) - this can be for clients, but I also did this for an upcoming software company recently related to the control set they wanted as part of the software.
• Understanding software offerings and how they can help the client or auditor (or both)
• Roadmapping SOC 1, SOC 2 or other GRC efforts to long-term goals, regulations, etc.
• Mapping SOC 2 to other frameworks

CPA-firm specific:

• SOC practice development (policies, procedures, etc.) and refinement (for requirement updates, etc.). - This is my ENGAGE topic (are you going?)
• Peer review (prep, "practice" review, post-review remediation of findings) - I've done this one a few times now
• Outsourced workpaper review (many firms are lacking the "senior manager" type role and need help here)
• Outsourced EQCR