The Assessment of Fraud for SOC 2

As part of what the SOC 2 audit addresses- as part of the core conceits an auditor needs to know to do a SOC 2 audit- we discuss fraud and internal threat. In most companies, we operate under the assumption that you trust your employees. That the people who work for and with you are there to further the goals of your organization. But we are remiss if we don’t ask the question, “What if they are not?” Fraud speaks directly to the integrity of the controls in place- to the management of your data. How would you even know if one of those trusted employees is cooking your books or reporting that controls are in place when they’re not? How do we know that your company is operating at its correct standard with the goals you set in mind unless we address the idea of internal fraud? It’s a scary word when an auditor brings that across the table it’s terrifying to hear an auditor talk about fraud and our gut instinct is to rebel against the concept that our trusted employees could actually- or would actually- do anything against our organization. But what kind of auditor would I be if I didn't stop and ask you the question, “How do you know for sure?” 

Related Videos