Cybersecurity, auditing and compliance – each is steeped with data, details and regulation that must be organized and available at a moment’s notice if a company is called upon to substantiate its security. And substantiating security is a daily requirement not just for companies that handle sensitive data but those that interface with them as well. In the past, the auditing process has involved complex, painstaking work from auditors, auditees and cybersecurity experts. The creators of Richmond, Virginia-based Audora tapped the brain trusts of those contributors to develop a platform that improved the experience for everyone. Their mission: to replace transactional audits with transformational relationships for audit firms, their employees and their clients.
Alex Nette, co-founder of Audora
“It was that partnership between two companies – one with cybersecurity expertise and one with auditing expertise,” says Alex Nette, co-founder of Audora. “We pulled the best people from each team to create Audora; you could call it an ‘audit Avengers,’ if you will. We had the best from both worlds and we made a great product.”
The representatives from both groups didn’t just have the expertise, they also had insight into the pain points and had the opportunity to view the other’s problems from the flip side. This perspective helped bring the teams together to develop a comprehensive and robust product that makes the process better all around.
“Ultimately, Audora is built to help audits move faster and to be more transparent in their processes,” says Nette. “The idea is to make it a single pane of glass. It’s one stop for all communications, audit processes, evidence collection, documents and finally, a complete audit report in the click of a button. Being able to automate those tasks and have them move between auditor and auditee – using guidance and the ability to integrate with outside tools – the entire process moves much quicker than what was traditionally done.”
Previously, audits involved a litany of communication tools like email, text, Slack and Teams, so it was difficult to track who communicated what to whom and where that supporting document was located. Some groups might use antiquated spreadsheets and other attachments that can result in duplication errors or lost corrections.
“Anything that helps auditors move faster with a smoother, more transparent process is a win for both sides,” says Nette. “Auditors no longer have to chase down tasks and documents so they can focus on helping their clients mature their cybersecurity and compliance programs.”
The Audora platform is currently programmed to facilitate the System and Organization Controls (SOC) 2 Type 2 cybersecurity audit, which is governed by the American Institute of Certified Public Accountants (AICPA) . It sets the auditing criteria that evaluates the processes and technology a company has in place. Audora plans to have SOC 2 Type 1 integrated in this quarter and then additional standards coming shortly after.
“The SOC 2 audit is the industry standard,” says Nette. “It’s one thing to tell a company or partner you’re working with that your company, systems and processes are secure but it’s another thing to have an actual third party validate this through an attestation of that security. They know your company is secure because they’ve done the audit.”
Not having proof of sound cybersecurity can be a large hurdle for any company, from startups to enterprises. Smaller and/or newer companies must meet a solid burden of security and compliance before they’re able to interface with other company’s systems.
“On the auditing side, there has always been a lot of tedious, manual tasks to handle,” says Nette, “Managing and tracking spreadsheets, knowing what requests are out, understanding what is left to do, and who’s handling it – then there’s the communications component – it’s long been a very disjointed experience. As a result, auditors often spend more time managing those tasks than reviewing the materials and assessing security for the client. It slows us way down. It makes the client relationship very transactional, not interpersonal and makes the process long and expensive.”
Nette explains that auditees are not interested in the logistics and friction faced by auditors. They just want the audits done quickly, efficiently, and with good results. They want transparency so they can log in at any time and see how everything is progressing. But the current disjointed experience leaves them unsure of what’s outstanding and what’s left so it’s not a good experience from that side either.
“Because everyone has experienced these pain points, we’ve built the solutions into Audora,” he says. “There’s automated evidence switching back and forth so when a request comes in from the auditee, it automatically moves over to the auditor for evaluation and, once addressed, approval. There’s no need to send an email or make sure it was received. It all happens automatically and you can track back every step in the platform.”
Because it’s web-based, no infrastructure or additional software is required for users. Once a contract is signed, they can log in and begin using Audora. It also integrates with leading compliance automation tools like Vanta and Drata which accelerates the evidence collection process.
“A large portion of startups are tech startups that need to substantiate their level of security,” says Nette. “The people running these companies are used to working with the latest, most-efficient processes to align with how they work. This is one of the reasons we designed the platform to be web-based. When a startup is going through an audit, they can leverage the compliance tools to collect evidence as part of the audit and bring it into their Audora workflow. Everything updates and they can see it in real time. Also, because it was built by cybersecurity experts, it’s a secure-by-design platform.”
As an increasing number of younger professionals enter the audit industry, conventional wisdom says they’ll expect their tools to operate with the speed, innovation and transparency they’re used to.
Copyright © 2024 California Business Journal. All Rights Reserved.
Related Posts