Exams or Audits

  • 1.  Audit firm due diligence

    This message was posted by a user wishing to remain anonymous
    Posted 09-15-2022 02:42 PM

    Our Information Security Officer asked me to do due diligence on the audit firms that audited our third-party vendors' SOC report.
    So, my question is whether we should do due diligence on these audit firms. And if so, how?

    I went to the website for PCAOB and, of course, AICPA, but really couldn't find much about the firms' reputation or much else.

    Any help would be greatly appreciated.


  • 2.  RE: Audit firm due diligence

    Posted 09-15-2022 02:50 PM
    I would suggest that you request the CPA's "Peer Review Report" and the acceptance letter by the AICPA/State Board of Accountancy. The AICPA requires that the reviewing firm review at least one of your service auditor's SOC reports.


  • 3.  RE: Audit firm due diligence

    Posted 09-15-2022 03:17 PM
    One item that we identified for audit firms, especially those that issue audit opinions, is to request a copy of their Peer Review letter. The AICPA requires all firms that issue audit/assurance opinions to have a Peer Review conducted. That would give some comfort that they are conducting audits/assurance engagements in accordance with standards.

    Look forward to hearing what others have to offer.
    Brian