Your compliance auditor has a vested interest in your success—but a successful engagement is a LOT easier when you make it easy on your auditor to sign off on your compliance. Auditors are looking for clients that are willing participants who take compliance seriously. They love working with companies that want to do compliance correctly and properly. They also want clients who proactively work with them to make the audit engagement efficient and hassle-free.
Want your audit engagement to be smooth and quick? So does your auditor! The more you understand about your auditor’s expectations, the easier your audit will be. Here are the top five things you can do to make your audit engagement easy—for you, and your auditor.
1) Don’t Worry
Some organizations look at an audit as a black-and-white, pass/fail moment. They get nervous about answering a question wrong and worry that the auditor will “fail” them. In fact, 46% of U.S. IT professionals would rather have a root canal than undergo a compliance audit.
Your auditor isn’t there to try to fail anyone, but to help you succeed. Auditors are there to be part of the solution so you can gain third-party confirmation of your compliance and understand what needs to be done.
When you answer a question wrong, they’ll do some digging—but not to get you in trouble. Your auditor just needs to be sure they’re signing off on something that’s legitimate, and that you’re truly compliant. The auditor also needs to understand the current circumstances clearly so they can provide appropriate guidance.
2) Be Open and Honest
The audit will go a lot easier for you if you’re direct and open about the reality of your situation. Your auditor is there to help you succeed, not to catch you in the act. If you aren’t honest with the auditor, chances are the truth will come out during interviews. Stories or details won’t line up, or something just won’t feel right, and they’ll start digging. Remember, this isn’t the auditor’s first trip to the rodeo—they have interviewed hundreds of organizations before, and they’ve developed a keen eye for aligning interview responses to reality.
At the same time, only answer what they ask (while remaining reasonable). Sometimes clients go into a long story, hoping to impress the auditor with their knowledge. But more often than not, people will say something the wrong way. Usually, it’s just a mistake, but now the auditor has to be sure. Expect them to do some digging.
During interviews, just give the auditor what they want—clear, direct, honest, short answers to their questions. If you don’t give them all the information they were looking for, they will ask follow-up questions. But if you gush too much info, you could create unnecessary issues during the audit, and elongate the audit process for yourself and your auditor.
3) Follow Submission Procedures
Your certification auditor has an established system to make your engagement go quickly and efficiently. If you don’t submit your evidence the way they ask, you’re bogging down the workflow and making their job more difficult. And that means your audit will be longer and more painful for you as well.
Follow these submission tips to speed up your audit:
- Organize your evidence. Make it clear which files are for which requirements. It should be easy for the auditor to understand what the attachments are.
- Submit evidence the way the auditor requests. If they use a network location drop, don’t submit via email or Google Drive.
- Give each file a descriptive name that makes sense so the auditor will instantly know what it is. Often, companies submit hundreds of files with names like DXT8473.pdf. The auditor has no idea what that is, so they spend countless hours opening each file, trying to figure out what it is, and renaming it so it makes sense. But this adds a new problem: now that the auditor has renamed the file, the company’s tracking system is broken, because DXT8473.pdf no longer exists. Now, even more documentation is needed to fix that.
You can eliminate dozens, maybe even hundreds, of hours on your engagement simply by following your auditor’s submission process. And it’s one of the quickest ways to get on your auditor’s good side.
4) Do What You Say You’ll Do
You have operational compliance responsibilities throughout the year that your auditor expects you to do, in accordance with the compliance mandates. At the end of the year, it’s common for auditors to discover that a lot of that stuff never got done. Clients forgot to do it. Sometimes it’s legitimate, but often “I forgot” just means, “I was too lazy.”
When auditors see that you’ve actually done everything your organization was required to do, you instantly become a favorite client. They want to do business with companies that take security and compliance seriously.
5) Know What You’re Getting Into
Choose an auditor who fits your company culture. Every auditor is different. Some auditors are very black-and-white and stick to the rules by the letter. Others will look at the spirit of the law and the overall circumstances to ensure that the client is meeting the nature of the requirements. There is also a wide range of personalities from one auditor to another—some are dry and blunt, some are warm and amenable—even within the same auditing organization!
The auditor and the auditing company’s approach combine to determine what kind of interaction or experience you will have. Often it’s a good idea to talk to people you know and trust to get auditor recommendations.
Make sure you’re organized and ready for initial discussions. The primary point person from your organization should know enough about your environment to discuss the basics. In advance of the kickoff meetings, review your inventory, network diagram and data flow.
If you’re super organized and ready to go, you might find the auditing firm is willing to give you a break on their fees. We know some auditors who reduce their prices for clients that use TCT Portal, because it is a compliance management system that makes their work so much easier.
Make Your Next Audit Quick and Easy
Auditors like to be able to get in, do their thing, and sign off. If you’re organized and prepared, a three-day audit could turn into a one-and-a-half-day audit. That saves everyone time and headaches.
In the end, your auditor just wants a client who is prepared and organized, because it shows you’re taking your responsibilities seriously. Have all your compliance ducks in a row all year, be prepared for the onsite visit and do what you say you’ll do. Follow these tips, and your compliance audit can be a minor event instead of a major interruption to your business.