Case Study: Top 15
Public Accounting Firm

Perspective from one of the nation’s largest audit firms on auditing a client who is using Shujinko’s AuditX platform for preparation

I really think of this as next gen auditing. In the same way accountants no longer tally debits and credits by hand, I think in five to seven years products like AuditX will be a household name.

– Senior Manager, Top National Accounting Firm

Key Benefits

Simplifies audit readiness for both organizations and auditors
Automatically gathers, organizes and tags evidence to improve audit completeness and accuracy
Speeds evidence collection so teams can focus on other work
Maps evidence both
within and across standards,
increasing ROI for subsequent audits
Captures context to improve knowledge sharing and continuity

Overview

A top national accounting firm had researched various automation solutions with an eye toward helping clients improve audit readiness. Once they found Shujinko’s AuditX™, they realized it would dramatically improve completeness and accuracy of audit preparation, providing clients with faster, smoother and more cost-efficient compliance.

Searching for a Next Generation Compliance Platform

Compliance audits are serious business for the nation’s top accounting firms. So, when a senior manager at one of the 15 largest firms in the country set out to research solutions that could help automate the process of audit preparation, she left no stone unturned.

Preparing for an IT compliance audit is challenging for all involved. For the organization that’s seeking certification, pulling together the reams of documents needed can mean hundreds of hours of manual labor that stresses teams across the company. Yet it can often be equally hard on the audit team, as they have to try to collate and correlate information that’s not clearly or consistently labeled. Determining how and where to apply various pieces of evidence – and identifying any gaps – is a highly manual and costly process both for the audit firm and the organization.

“We have a lot of clients who don’t have a compliance platform and are forced to do things the old fashioned way: emailing and sharing documents,” says one of the firm’s senior managers. “That equates to a lot of time on both sides spent on coordination and administration – what goes where, what’s still needed, etc. Complicating matters, all of that important context and metadata is never effectively captured for future audits.”

Automation can help with all of this. The challenge for an audit firm is that an effective automated audit preparation platform needs to be powerful enough for auditors, but simple enough that a client with no audit knowledge can use it. In the past, the lack of automation and complexity of use has been a major limitation of traditional GRC (governance, risk, and compliance) tools.

Shujinko Improves Completeness and Readiness

For organizations, audits take hundreds of hours away from teams across engineering, HR, legal, operations and more. What could companies accomplish if they had those weeks back?

– Senior Manager, Top National Accounting Firm

Shujinko’s AuditX is purpose-built software that automates audit preparation, evidence collection and readiness. With AuditX, organizations can complete the audit process faster, and with much greater predictability and visibility. The platform’s ability to dramatically streamline the process for both auditors and clients was something the team at the accounting firm found especially compelling.

“Improving audit efficiency not only helps us better handle more audits, it ensures we stay on time and on budget for our clients,” she explains. “For organizations, audits take hundreds of hours away from teams across engineering, HR, legal, operations and more. What could companies accomplish if they had those weeks back?”

Given that, it’s no surprise the accounting firm was excited about another aspect of AuditX: the tool’s unique Automated Evidence Collection (AEC) capability. AEC uses automated collectors, which connect directly into a client’s AWS and/or Azure cloud infrastructure accounts, to automatically gather settings and configuration evidence and then map it to all applicable controls within and across standards. While effectively organizing and structuring evidence is one thing, automatically collecting evidence from a complex distributed cloud infrastructure can be a game changer.

“Automation brings two critical benefits,” she notes. “Obviously it provides the web hooks and APIs that eliminate the manual work involved in collection, which is a big plus. But as important, it adds time stamps and metadata that attest to completeness and accuracy, which is a big emphasis for compliance certifications.”

Auditing the Future

Perhaps more important than collecting evidence is mapping it to controls, and that’s what an audit firm spends a lot of time doing manually behind the scenes, so a client doesn’t have to provide, say, the same information security policy 25 times. But if mapping evidence for one compliance standard is difficult, mapping across standards can be both challenging and extremely valuable.

“The number of requirements for PCI alone can be overwhelming, but you add that on top of NIST and SOC 2 and more and it’s just mindboggling,” she says. “Being able to reuse and cross-map evidence makes it possible to quickly get through multiple audits – even simultaneous audits – which can save everyone a lot of time and resources.”

While gathering and mapping necessary evidence is obviously a primary concern, the context around the evidence can also be critical for both client and auditor. Effective handling of that information can be a very fine line to walk: cutting out extraneous back-and-forth is desirable, but so is capturing necessary structure, explanation and detail.

“Personnel and teams change, and for clients it can be very difficult to try to pick up where someone left off on past audits. That can make new audits feel too much like starting from

One of the things we’re excited about with AuditX is that it centralizes not just the evidence but also provides structure and commenting, making subsequent audits easier.

– Senior Manager, Top National Accounting Firm

scratch,” she explains. “One of the things we’re excited about with AuditX is that it centralizes not just the evidence but also provides structure and commenting, making subsequent audits easier.”

Given all this, it’s hard not to think of a compliance platform like AuditX as the future of audit preparation. “It’s funny, but I really think of this as next gen auditing. In the same way accountants no longer tally debits and credits by hand, I think in five to seven years products like AuditX will be a household name,” she says. “Compliance is critical, but not every company can dedicate people and teams to the process. AuditX exists for companies like that.”

Automate Audit Preparation

Get ahead of your upcoming audit deadlines and compliance initiatives. Ditch the shared spreadsheets, back and forth email, and unclear evidence requests. Start working with Shujinko’s AuditX tool to simplify, automate, and modernize audit preparation for your cloud-first enterprise.