Do you have questions you're too nervous to ask your Auditor?

Shannon Idea generator Vanta Team Member Conversation starter

Join our AMAA: Auditor Edition to ask all of your Audit-related questions to a different Auditor 😉! Daniel Hurtado of Prescient Security and Assurance will join Kim Elias of Vanta and tackle all your questions on October 18th at 10 a.m. PST!

Comments

2 comments

  • Comment author
    Brenden Mariano Great answers Vanta Expert Vanta Team Member
    • Official comment

    Hi Benjamin,

    Thank you for sharing your question! I'm a Senior Product Support Specialist at Vanta who commonly assists our customers with audit readiness questions like these - happy to help!

    We generally recommend interacting with your auditor sooner than later, and there are a few benefits to granting them access ahead of your audit:
    • Early Access: This allows your auditor to familiarize themselves with your environment and controls ahead of time, which can make the audit process smoother and more efficient.
    • Pre-Audit Questions: Before the audit window, you can ask your auditor questions to clarify expectations and ensure you're adequately prepared.
    • Identify Issues: Early access can help identify potential issues or gaps in your controls, giving you time to address them before the audit begins.
    The only potential con is that the auditor can see all your data and controls once you grant access. So, you should only grant access when you're comfortable with the state of your controls.
     
    Overall, there's no hard rule on when to grant access. It depends on your readiness and comfort level. Discussing this with your auditor before granting them access can help you make the best decision.
     
    I hope this helps! Feel free to let us know if you have any follow-up questions.
     
    Thanks, 
     
  • Comment author
    Benjamin Hobbs Conversation starter

    Not sure when we are doing this again, but I would love to know when the best time to grant our auditor access is? We are currently prepping for a SOC 2 audit, and we know who our auditor is likely to be (company). Would we go ahead and grant them access now? Why would we do this? Are there pros and cons? 
    Should we not give them access until the last minute? Why or why not? Are we allowed to ask them questions before our audit window?

    1

Please sign in to leave a comment.