Post by Troy Fine

Every CPA firm performing SOC 2 audits thinks they perform quality work, or at least that's what they tell the world. And every firm will tell you what you want to hear when it comes to quality. I have worked at multiple firms and have been on the other side seeing how firms interact with customers of GRC platforms. In my opinion, the most important quality risk that I have seen is when "Leadership prioritizes economic gain over quality through their actions and behaviors." There is nothing wrong with making money. I am all for it. But I can tell you from first hand experience that when leadership overemphasizes revenue and profitability, quality suffers dramatically. Here's what happens: -Firms will partner with companies that promise them a high volume of leads. In return, the firm will lower their audit prices for referrals. They will justify this by claiming that they do not have spend as much money on marketing and sales. -Firms will be pressured by companies providing a high volume of leads to continue to lower their prices as new Firms start competing for the same leads from the same referral sources. -Firms find themselves in a race to the bottom on audit fees. -Firms then have to make decisions on economic gains v. quality. Most of the time, they do not want to give up economic gains, so they think of ways to lower their expenses. When you provide audit services, you lower your expenses by doing three things: pay your auditors less, spend less time on the audit, or force your auditors to complete more audits without paying them more. -How do CPA firms do this? 1️⃣ They pay their auditors less by either hiring less experienced/competent auditors or by hiring offshore resources. 2️⃣ They spend less time on audits by cutting corners, performing less rigorous audits, or by implementing technology that enables them to perform audits faster with the same resources. 4️⃣ They spend less time audits by treating customers the same, spending little time on scoping, requesting the same evidence from customer to customer, and don't spend time learning how controls are actually implemented. 3️⃣ They force their auditors to complete more work at the same pay and hire less auditors, which burns out their auditors and creates a toxic culture leading to consistent turnover. -And on top of all of this, they are most likely subordinating their judgment during the audits to keep their clients happy. When CPA firms have huge volumes of work coming from a third party, the last thing they want to do is create a poor customer experience and risk losing a source of new revenue. None of this bodes well for quality. Is my way the best way and is my firm the highest quality? Not at all. But quality is what builds trust, so we are going to do everything we can to avoid succumbing to economic pressures that force us to sacrifice our quality. I don't know how we fix this, but I am happy to help if anybody is willing to listen.