Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Schellman vs. Lower-Cost Providers

Assurance / Service Audits | Audit Readiness

In the dynamic world of business, where compliance is becoming more important either as requested assurance from customers or a key market differentiator, more and more organizations are turning to assessment firms to help them communicate these advantages. And while some will always look at compliance in the most oversimplified, checkbox manner, many customers and regulators recognize good (and poor) quality of delivery.

It’s not enough to just undergo an assessment and present the results—you need the report you deliver to your customers to be accurate, reliable, and trustworthy. You want to deliver strong assurance to your customers and prospective partners that you can protect their data, but that means providing them with a strong compliance report from an assessor who did good work, which often means paying for that.

So while we know that—in the current market—it can be tempting to go with a firm that offers more cost savings, we feel it’s important to explain what you’d be getting when you do opt to use our services for what you may consider an elevated price point.

That’s why, in this blog post, we'll delve into some of the advantages Schellman offers as a potential assessment partner, as well as some of the risks of these lower-cost providers. At the end of the day, you’ll need to decide what aspects of compliance your organization wants to prioritize—that may very well remain cost savings, but at least you’ll have more information when making your final decision.

 

5 Things Schellman Offers as an Assessment Partner

We understand that these discussions are challenging no matter what. That being said, we believe that we offer competitive pricing that reflects the quality of our assessments and our assessment teams across the board.

Of course, you’ll be the judge of that after more detailed discussions with our team about your needs and how we can help, but as a precursor to those, here are some additional key attributes that set us apart:

1. An Excellent Reputation and Credibility

Schellman has been operating in compliance for over 20 years now, having built up a solid standing within our industry, despite still being a smaller, boutique firm, and your external stakeholders—such as investors, regulators, and customers—are likely to place higher trust in assessments from a reputable organization.

Why Does That Matter? Engaging a quality auditor enhances your organization's reputation and credibility, which could potentially lead to increased business opportunities.

2. Exceptional Expertise and Experience

That aforementioned reputation was built on our expertise and experience—our auditors bring a wealth of experience and expertise to the table. From top to bottom, our auditors average the following experience:

  • Principals (Engagement Leads): 20+ years
  • Managers/Directors: 10.5 years
  • Senior Associates: 2.8 years

All of our team members, regardless of current title, are well-versed in auditing standards, regulations, and best practices.

Why Does That Matter? Our team’s deep knowledge—and our having worked with a variety of organizations and their unique security gaps—allows us to identify potential risks that might be overlooked by less experienced auditors.

3. Independent and Unbiased Audit Thoroughness

Independence and objectivity are at the core of auditing—you’re investing time and money to get third-party validation, and our firm maintains strict ethical standards to ensure our assessments remain impartial and unbiased the way you need.

We also understand we can’t keep your business if we don’t deliver quality too—that’s why we leave no stone unturned in our work. Our inquiry, observation, and/or inspection testing is all tailored to best serve every individual organization we serve to ensure a meticulous assessment of the design and/or operating effectiveness of your particular controls.

 

Why Does That Matter? Many firms—and clients too, if we’re honest—consider audits to be complete with a mere checking of requisite boxes. But we know that your customers and prospective partners are relying on this assurance, so we make sure to provide a level of thoroughness in our methodology that delivers the utmost peace of mind they need.

4. Value-Added Insights

Our assessors don't just focus on the compliance project you’ve requested; using established industry-wide benchmarks, they’ll provide valuable insights throughout the engagement to help improve your operations.

Why Does That Matter? Audits may take place annually (or on some other regular cadence), but data protection is necessary all the time and with our identified areas for improvement, your internal audit team or security personnel can enhance the functioning of your internal control and optimize business processes.

5. Comprehensive Auditing Services

As the only CPA firm in the Top 100 that focuses solely on IT security and privacy, we aim to serve as the “one-stop shop” for our customers’ and prospects’ cybersecurity compliance objectives. Our suite of services includes:

Why Does That Matter? Your organization may only be seeking one compliance initiative at the moment, but depending on where your business takes you, you may need more—either as requirements for a certain sector or due to other customer requests. If that’s the case, having already engaged us as your single-provider assessor will not only save you time and money in your audits, but it’ll also save you the administrative burden of managing multiple firms (as one of our clients discovered to great success).

To learn more about how we efficiently manage multiple projects for one client, check out our article on our single-provider methodology.

 

The Risks of a Lower-Cost Assessment Provider

Obviously, we are selling ourselves here and while all that probably sounds great at face value, you still have a budget to answer to, which may make a lower-cost provider more appealing.

If so, keep in mind the potential trade-offs you might be making for the sake of (theoretically) minimizing expenses:

  • Limited Resources: Through offshoring work, overreliance on ‘automation’, etc., low-cost providers may cut corners to keep their own costs down.
  • Inexperienced Staff: Low-cost providers may also employ less experienced or less adequately trained auditors who lack the expertise required to navigate complex compliance issues.
  • Rushed Process: Low-cost providers might rush through the process to meet tight deadlines, opting to simply check the boxes.
  • Minimal Interaction: Low-cost providers may limit their interaction with you to cut down on costs, and that could result in potentially missed red flags.

For further insight into the risks of lower-cost providers, read our more detailed article here.

Choosing Your Assessment Partner

 

Though Schellman can be considered a pricier option to some, we’ve worked hard to standardize our assessment excellence and build a reputation on our expertise, experience, precision, and versatility. Moreover, it’s important to remember that, in the realm of audit services, the saying "you get what you pay for" holds true.

While lower-cost providers might seem attractive from a budget perspective, there are potentially other compromises you may be making in engaging one—some that may have long-term consequences that outweigh the initial savings.

As you continue to weigh your options and determine your feasible priorities regarding your compliance projects and the subsequent assessment processes, read our other content that can help clarify even more:

About ROBERT TYLKA

Robert Tylka is a Principal at Schellman. With over 16 years of experience in providing IT attestation and compliance services, Robert currently leads the Midwest practice at Schellman where he specializes in SOC 1, SOC 2, ISO 27001, and HIPAA reporting. In his portfolio, he also oversees engagements that include FedRAMP, HITRUST, PCI, and various Privacy reviews. To date, Robert has provided services to clients in the financial services, information technology, governmental, human resources, insurance, and manufacturing industries, among others. Robert has also provided professional services to companies of all sizes during his career, including Fortune 500 and publicly traded companies, with a strong focus in the technology sector.