Case Study

How the Bonadio Group Streamlined and Expedited IT Audits For Their Clients With Hyperproof 

Bonadio Group

Frameworks: SOC2 // HIPAA // HITRUST // PCI DSS

The Bonadio Group is a top 50 CPA firm that delivers a full spectrum of services to help organizations of all sizes overcome their financial and business challenges. Charlie Wood is an Executive Vice President/Partner in the Information Risk Management Division of The Bonadio Group and co-founder of FoxPointe Solutions. The Information Risk Management Division focuses on IT/security compliance audits including SOC 2 (Type 1 and Type 2), PCI DSS, HIPAA, and HITRUST as well as penetration testing, vulnerability, and risk assessments. The division serves client organizations ranging from early-stage startups to Fortune 500 enterprises in a diverse range of industries including healthcare, technology, education, nonprofits, and more.

Quick Facts: Accounting // United States

Improved client relationships and client retention

Reduced audit timeline for SOC 2 clients by 33%

Achieved greater predictability in completing audits on time

The challenge

The auditors working in The Bonadio Group’s Information Risk Management division are seasoned professionals who adhere to high standards, taking great pride in doing excellent work and exceeding clients’ expectations. However, in the past year, Wood noticed that some client organizations don’t see things the same way he does: they see an audit as a commoditized service and audit firms as interchangeable entities. One Fortune 500 client of the Bonadio Group told Wood that unless Wood could deliver value to them in a new way, above and beyond what their auditors had done in previous years, they would consider going with a new audit firm.

One cause of this trend is that there’s been an influx of CPA firms providing IT audits in recent years. There’s also the fact that some newer compliance software vendors in the market are claiming (often misleadingly) that their technology can replace services traditionally provided by CPA and IT security advisory firms.

Wood wanted to differentiate his firm from others by giving clients something so valuable that the Bonadio Group would stand out as a trusted advisor. “At the end of the day, people do business with people they trust. I am always thinking about, ‘How can we deliver more value to our clients so that they wouldn’t want to work with anyone else?’ ” says Wood.

At the end of the day, people do business with people they trust. I am always thinking about how we can deliver more value to our clients so that they wouldn’t want to work with anyone else.

Charlie Wood

Executive Vice President/Partner, Information Risk Management // The Bonadio Group

Meanwhile, the Information Risk Management division faces another challenge: audit timelines are quite unpredictable, often running behind schedule because clients don’t provide auditors with the evidence needed for an audit to commence at the designated time.

Despite a delayed start, clients still hold the expectation that their audit will wrap up by the original deadline. As a result, an auditor must make up that lost time during the audit process by working overtime. But sometimes, the evidence collection process takes much longer than anticipated and the audit inevitably stretches beyond the original timeline. Further, once the evidence collection process starts, there can be a lot of back and forth between auditor and client before an auditor receives the correct information.

Audits that run past schedule can cause several problems, including:

  • A client may feel frustrated with the audit experience.
  • Auditors must work overtime under stressful conditions, increasing the risk of burnout and quitting.
  • Profit margin per project decreases as the audit staff spends more time serving each customer. Along with that, the risk of missing revenue and cost targets for the division goes up.

The solution

Once Wood learned about Hyperproof’s compliance operations software, he realized that the software could significantly alleviate these problems and help his division exceed client expectations and earn the title of trusted advisor.

With Hyperproof, the Information Risk Management division is set up for long-term sustainable growth. I know that my auditors can get work done efficiently and as a result, our operating costs have become much more predictable. Clients love having a more efficient process and getting their audit reports sooner.

Charlie Wood

Executive Vice President/Partner, Information Risk Management // The Bonadio Group

“As auditors, we recognize how disruptive an audit can be to the technical staff, like the network administrators, within the organization we work with. These folks have day jobs to do; it’s hard for them to be pulled from those tasks to provide evidence for an audit. By using Hyperproof, it’s much easier for our auditors to educate people client-side on how to provide the right evidence we expect to see. Hyperproof also takes over the job of reminding people to do their work. The whole evidence gathering process becomes way less disruptive to our clients,” says Wood.

Results

Improved client relationships and ability to retain clients

At this time, Bonadio has implemented Hyperproof with multiple client organizations and gotten them to standardize the audit process on the Hyperproof platform. These clients are enjoying a more organized, expedited audit process, and they’re grateful that Wood has shown them a tool that alleviates their compliance burden. As one client said to Wood, “It’s a no-brainer for us to keep the Bonadio Group as our auditor, when you’ve brought us such a useful tool.” Another long-term client that onboarded Hyperproof saw how the tool can support work happening in another division of his company and introduced Wood to that division leader.

When a client uses Hyperproof the way it’s intended, gathering the evidence we need takes significantly less time for everyone. We’re able to reduce the back-and-forth our auditors have with the IT professionals.

Charlie Wood

Executive Vice President/Partner, Information Risk Management // The Bonadio Group

Reduced audit timelines for clients

With Hyperproof, Wood’s auditors have already been able to shrink the audit timeline from 90 days to 60 days for some SOC 2 audit clients. Wood believes that the audit timeline can shrink even further to 45 days because with Hyperproof, an auditor can request evidence from a client throughout the year (such as on a quarterly basis), as opposed to requesting all evidence at once right before an annual audit.

Specifically, Hyperproof comes with easy-to-use templates for SOC 2, PCI, and many other frameworks. An auditor can go into one program (e.g., SOC 2), head into the Controls section and comment directly on each control to let the client know what type of evidence they need to provide and specify how often the evidence needs to be collected.

On the client side, a compliance professional or a control operator can put evidence into Hyperproof earlier so that an auditor can test that evidence right away. When an auditor is able to test the evidence sooner, they can issue a report sooner.

“When a client uses Hyperproof the way it’s intended to be used, gathering the evidence we need takes significantly less time for everyone. We’re able to reduce the back-and-forth our auditors have with the IT professionals client-side,” says Wood.

Hyperproof also plays a role in minimizing the knowledge loss that happens due to staff turnover. “We often see audits take longer because our auditors have to interact with different people from year-to-year client-side. When a key person from the client’s compliance team leaves the organization, our auditors have to re-educate their stakeholders on the audit process,” says Wood.

With Hyperproof, because all controls are documented in the system and previous evidence records are stored in an organized way, it takes less time for someone new to a compliance team to get up to speed and work effectively with their auditor.

Greater ability to complete audits on time

Thanks to Hyperproof facilitating an organized evidence collection process, auditors are able to finish their audits on time, consistently. This means that auditors can take advantage of their scheduled vacations, work overtime less often, and enjoy their work more.

Ensuring predictability in time to completion per audit also means that the cost per project is predictable, putting the division in a better position to achieve its revenue and cost targets and forecast its growth with confidence.

Hyperproof’s technology and dedication to solving problems in the compliance/audit realm is superb. Our partnership with Hyperproof has changed the way we collaborate with our customers and helped us open doors that we would have never been able to open before.

Charlie Wood

Executive Vice President/Partner, Information Risk Management // The Bonadio Group

Conclusion

With Hyperproof, Bonadio Group was able to create a single source of truth for compliance and automate routine, repetitive work, streamlining workflows and reducing work for teams across the organization.
