We are masters at these frameworks and many more.
Audits are one of those tasks that can be helpful yet intimidating at the same time. From the personal standpoint, I've always been open to audits as it allowed for a third party to "evaluate" something which then allowed for requesting a budget increase.
As audits go, there are a few different types.
Internal audits are audits, official or unofficial, of internal functions of a company and generally performed by persons employed by the company that are experienced in auditing. This is also known as a first party audit.
External audits are audits, official or unofficial, of the company and performed by a third party audit company. Generally, these third party audit companies employ persons that hold an auditor certification of some sort. Examples would be ISO27001, PCI, HIPAA, or CMMC.
Then we have another form of external audit and that is when an audit function of some sort is applied to a third party that is most likely a vendor providing services of some sort to a client company. The whole purpose of this type of audit is to ensure that any vendors providing services to a client company are safe to do business with.
As it relates to audits, it's important that the scope of the audit be determined before the actual audit occurs and fully agreed upon by the audit team and the auditee. Otherwise a case of a never ending audit may happen. From a tactical standpoint, the auditee also is suggested to keep the audit scope to the smallest possible foot print as this will keep cost down and reduce effort all around.
Arrakis can help you with your audit needs and also act as a trusted agent or advisory during your audit activities. If you need help, give us a call.
