| ▲ | egorfine 4 hours ago | |
> Passing the responsibility off to some other company is, quite simply, irresponsible. Then do not pass the responsibility. But here's the trick: the regulator would like to see an audit done by a firm and purchasing audit services is exactly that: passing responsibility. So legally you can't be compliant unless you passed responsibility. | ||
| ▲ | tfrancisl 4 hours ago | parent [-] | |
These compliance companies are not primarily tasked with auditing, as this article makes very clear. Delve is in control of the auditing process in a way that is inappropriate and unusual for this industry. The work that the company with these obligations should be doing themselves is generating the Section 3 description and the controls. The auditor then independently verifies their compliance with the controls. Thats a clear delineation of responsibilty, IMO | ||