Audits are important for companies that must reveal compliance with regulatory frameworks and requirements, however they’re typically time-consuming and disruptive. Companies should guarantee related controls are carried out and collect proof to reveal implementation to auditors. Proof gathering is among the many most time-consuming and error-prone elements of auditing, however it’s, fortuitously, a facet that may be automated to a point.
AWS Audit Supervisor is an proof assortment automation instrument for the Amazon Net Providers cloud platform. On this article, we’ll discover how AWS Audit Supervisor can streamline your audit course of. We’ll additionally think about what it might’t do and why it is best to think about using a CPA-backed audit administration resolution just like the KirkpatrickPrice On-line Audit Supervisor.
Audit administration goals to arrange, simplify, and streamline the auditing course of. Historically, an audit supervisor was an expert who facilitated audits inside an organization. At present, the time period is more and more used for software program providers that carry out a few of the similar roles.
Audit supervisor software program helps companies to assemble and arrange audit proof. It additionally tracks the evidence-gathering course of so stakeholders can monitor progress and prioritize audit-related work. The software program is usually conscious of the processes and procedures a enterprise should implement to adjust to varied regulatory necessities and subsequently offers a framework that guides proof gathering.
As soon as the proof has been gathered, it might then be equipped to the CPA agency finishing up the audit. It’s value noting that CPA-operated audit managers just like the KirkpatrickPrice On-line Audit Supervisor permit auditees to speak straight with their auditor. They will ask the auditor questions and obtain recommendation and steering. The auditor can evaluate supplies as they’re gathered. A platform-specific audit administration instrument like Amazon Audit Supervisor lacks this facility. Nonetheless, it may be helpful as one platform-specific stage of an end-to-end evidence-gathering course of.
Amazon Audit Supervisor is a cloud service that automates the gathering of compliance proof. The enterprise informs the Audit Supervisor of the related controls, the place a management is a “rule” from a regulatory framework or normal. Audit Supervisor pulls related knowledge from different AWS providers, together with AWS Safety Hub, AWS Config, and AWS CloudTrail. That knowledge is used as proof of the management’s implementation and is transformed to an auditor-friendly format.
Steady Compliance
Steady compliance is without doubt one of the most vital benefits of automated proof gathering. When proof gathering is guide, it tends to be carried out periodically. Proof is gathered for “the massive audit,” and since that’s an costly course of, it isn’t repeated till the following audit interval rolls round.
Automated proof gathering helps companies to take care of steady compliance. Proof gathering turns into a a lot decrease effort, so maintaining audit proof up-to-date is sensible. As a result of the proof is all the time recent, it’s doable to take care of steady compliance, and there’s a lot much less proof gathering overhead when a brand new audit is required.
Automated Proof Assortment
After preliminary configuration, which we’ll talk about within the subsequent part, Amazon Audit Supervisor is sort of totally automated. It helps a number of automated knowledge sources with various knowledge assortment frequencies:
- Amazon CloudTrail is used to trace person exercise. Knowledge is collected constantly.
- AWS Config offers snapshots of useful resource safety. Knowledge is collected when triggered by an AWS Config rule.
- AWS Safety Hub offers snapshots from safety checks. Knowledge is collected per Safety Hub examine schedules.
- AWS API calls accumulate useful resource configuration knowledge snapshots from AWS sources day by day, weekly, or month-to-month.
Simplified Audit Workflows
Proof gathering will be advanced and difficult to handle. It’s simple to make errors that stretch the size and improve the price of audits. Automated knowledge assortment lifts a big burden from auditees. The software program completes a lot of the proof gathering with out human intervention, which is feasible as a result of AWS Audit Supervisor is deeply built-in into the AWS platform.
The tradeoff is that it might solely collect proof from AWS, and you could discover one other resolution for on-premise infrastructure or sources hosted on different cloud platforms. That’s the place a platform agnostic audit administration resolution just like the KirkpatrickPrice On-line Audit Supervisor shines: it may be used to assemble and handle proof from your whole enterprise’s infrastructure, together with the proof generated by AWS Audit Supervisor.
Audit Proof Entry Controls
Audit proof is confidential, and entry should be managed and managed. As you may anticipate, AWS Audit Supervisor works with AWS Id and Entry Administration (IAM), an answer companies with AWS-based infrastructure use already. Audit Supervisor can segregate particular person assessments to make sure they’re accessed solely by approved people and teams.
To this point, we’ve stated little about how customers choose which proof is to be gathered. That’s the position of Audit Supervisor frameworks. Frameworks construction and automate assessments, the Audit Supervisor perform that gathers proof related to an audit.
Every framework offers teams of audit controls and mappings to AWS sources and knowledge. These mappings are notably helpful: with out them, it requires appreciable experience to hyperlink the controls in regulatory requirements to sources and configurations on real-world infrastructure platforms.
AWS offers pre-built frameworks for a variety of compliance requirements, together with:
- ISO/IEC 27001:2013 Annex A
- PCI DSS V3.2.1
- SOC 2
- CIS Benchmark for CIS Amazon Net Providers Foundations Benchmark
- Common Knowledge Safety Regulation (GDPR)
- FedRAMP Average Baseline
- Well being Insurance coverage Portability and Accountability Act (HIPAA)
Along with pre-built frameworks, customers can construct customized frameworks. These permit companies to deploy AWS Audit Supervisor assessments for which no pre-built choice exists. They will additionally create assessments and collect proof to satisfy different enterprise wants, together with inside audits.
AWS Audit Supervisor is a invaluable instrument for companies with AWS-hosted infrastructure and providers. It performs effectively inside the restricted scope of its capabilities. However it’s not an entire audit automation resolution. Most significantly, no audit automation instrument can full an audit, assess compliance, and ship a good audit report. For a lot of regulatory requirements, solely a licensed CPA agency with info safety experience can accomplish that. Amazon’s documentation makes this clear:
“AWS Audit Supervisor assists in accumulating proof that’s related for verifying compliance with particular compliance requirements and rules. Nonetheless, it doesn’t assess your compliance itself. “
Different limitations embody:
- Proof-gathering is restricted to AWS and the information sources the platform helps.
- A scarcity of direct contact with auditors.
- Restricted mission administration capabilities.
AWS Audit Supervisor can be utilized at the side of a CPA-supported audit administration instrument that helps customers to beat these limitations. KirkpatrickPrice’s On-line Audit Supervisor is used to assemble proof and streamline audits for a lot of infrastructure platforms. Along with being an evidence-gathering instrument, it is usually a robust communication, accountability, and mission administration platform that gives direct entry to your auditor. Contact a senior audit specialist to study extra.
