One Audit Firm, One Platform: A Journey to Settling Down
by Madison Lenhart / May 6th, 2025
They had a vision for an ‘audit once, apply to many’ strategy, aligning controls across platforms, auditing controls once, and applying those controls across multiple products or frameworks.
The Challenge
They are a 10,000-person enterprise whose SaaS business had grown through acquisitions. In 2023, their compliance team was managing twenty-two audits across five different audit firms and multiple frameworks utilizing a multitude of audit platform tools. This resulted in inconsistent standards, redundant tasks, and a lack of visibility into process ownership. At the time they had one control owner participating in nearly 40 audit interviews each year. This took technical resources away from their regular jobs and ultimately lead to audit fatigue.
There was an overall lack of collaboration. The Director of GRC, expressed his frustrations and sought to implement mapping to gain structure for all different frameworks. Stepping into this new journey, the overall idea was to create a unified approach – a way to apply the same evidence to multiple frameworks.
“Many problems arose from this lack of structure; it created a single point of failure. If a compliance manager stepped away, there was nobody there to pick up the slack. Nobody knew where the evidence was gathered from nor where to look for it, and there wasn’t a clear requirement owner, nobody on the team knew who to speak to.”
– Director of GRC
The Solution
To bring consistency scalability, and simplicity to their audit engagements, they partnered with KirkpatrickPrice.
They were looking for someone who was more than just an auditor, they were looking for a partner who could help consolidate requirements into an audit once, apply to many unified framework. Throughout their journey, they found a connection with KirkpatrickPrice. Our cultures aligned, we recognized their goals, and we paired them with a dedicated specialist who walked them through the entire process, from audit readiness all the way to the final report.
Together We
Centralized all control descriptions across all business units and individual audit reports.
Generated new, consolidated control descriptions that became global controls.
Mapped global controls and business unit-level controls to applicable frameworks per business unit.
Transferred the previous year’s audit evidence into the Online Audit Manager and tagged all evidence with relevant control descriptions.
Produced audit reports testing consolidated, global control descriptions.
Incorporated our Online Audit Manager to assist in the overall mapping across the multiple business units, products, and framework requirements within their company.
Opened clear line of communication between the auditors and the company by creating a shared Microsoft Teams space.
Leveraged an audit team of CISSPs who were able to audit complex technologies once and apply that testing to multiple framework requirements.
Delivered 15 audit reports on time.
Results
Consolidated 22 audits down to 11
62% audit cost reduction
Took the original 1,500 control library and consolidated to 338
“We received a lot of feedback from the requirement owners throughout the different departments who saw the difference in the KirkpatrickPrice approach and the time saving they received.”
“Bottom Line, it’s good people and that’s what is the selling point, for your organization and your culture, I can see it from Joseph all the way down to everyone involved… You are family oriented, and we didn’t find that in any other auditor.”
–Director of GRC
“The single biggest challenge to achieving what they did is belief. It requires someone with the power to direct change in the organization to believe that there’s a better way. Once you have that, KirkpatrickPrice can unify your audits and give your team their time back.”
–Kyle Pardue, VP, Sales at KirkpatrickPrice
Level up your security program with KirkpatrickPrice.
Audits are hard, but when you work with an expert who’s been in your shoes, it will always be worth it. KirkpatrickPrice will be your partner in compliance so you can be confident that your cybersecurity and compliance audit will end in success.
Connect with an expert today to learn what it’s like to have a true partner in compliance.
Together we can:
- Identify the audit frameworks and services that benefit your organization’s unique compliance needs.
- Schedule a demo of the Online Audit Manager.
- Make sure your company finds success on its compliance journey.
