Of course. You can and should choose the CPA firm you want to work with and are comfortable with the compliance automation tool you’re using.
In short, they’re OK with it. The industry calls this relationship “the use of an IT specialist.” The formal language states that “The auditor should evaluate whether the auditor’s specialist has the necessary competence, capabilities, and objectivity for the auditor’s purposes. In the case of an auditor’s external specialist, the evaluation of objectivity should include inquiry regarding interests and relationships that may create a threat to the objectivity of the auditor’s specialist. (AU-C 620.09).”
Don’t get us wrong. Pre-audit is important. But collecting evidence and remediating gaps is just the beginning. The reporting process with your independent CPA firm is just as important – possibly more important. Our experience in this industry taught us how important reporting is, which is why our affiliate and independently owned CPA firm, ByteChek Assurance exists. The ByteChek Assurance team can perform your SOC 2 examination seamlessly and efficiently utilizing the ByteChek SaaS Assessment platform eliminating the back and forth with auditors that don’t understand the technology you are using.