Auditwerx is headquartered in Tampa, Florida. We have served clients throughout the U.S. and internationally since 2009, providing over 3,500 security compliance reports. As a division of Carr, Riggs & Ingram Capital, LLC (CRI), a top 25 accounting and advisory firm, our clients receive the resources, skills and experience of a much larger firm, but with the accessibility and attention of a smaller, niche, boutique firm.
As an independent firm, our primary objective is to provide a defensible, accurate report that stands up to the scrutiny of your partners. We maintain the highest standards of professional ethics, ensuring that our findings are objective and our methodologies are aligned with current industry standards.
In an industry increasingly dominated by automated platforms, we remain committed to a manual, human-led review process. Security maturity cannot be validated by software alone. Our professionals perform the deep-dive analysis needed to ensure your controls are not just "present," but are functioning effectively to protect your organization.
Clients often feel lost in the shuffle of massive generalist firms or find that small shops lack the resources for complex, multi-framework engagements. We offer the perfect middle ground: a dedicated, specialized team that knows your systems, backed by the administrative strength and peer-reviewed integrity of the CRI network.
From start-ups to larger established organizations, we partner with clients of all sizes, including:
We don't just "verify." We understand the underlying technology of your cloud environments, databases, and networks, providing a review that is as technically sound as it is professionally rigorous.
Through our "Test Once, Report Many" methodology, we identify overlaps between frameworks like SOC 2®, HIPAA, and NIST CSF, reducing the administrative burden on your staff.
We believe in a "no surprises" engagement. From initial scoping to the final report, we keep your team informed of our progress and any identified gaps, allowing for timely remediation.
Auditwerx is dedicated to offering the highest quality compliance reporting services. Our team is dedicated to exceeding your expectations with our policy of mutual respect and transparency.
Partnering with our team means that your company’s compliance initiatives are in experienced hands. Our team of assessors and cybersecurity advisors consists of highly specialized professionals, including Certified Information Systems Security Professionals (CISSPs) and Certified Information Systems Auditors (CISAs).
We can deliver the technical IT and assessment skills needed to clearly relay technical information to both the IT department and management. We are a true partner to our clients, building productive, long-term relationships that you can count on for years to come.
STACY MARTIN
PARTNER IN CHARGE, CHIEF EXECUTIVE OFFICER
Stacy has over 19 years of professional assessment experience in both financial reporting and internal control attestation services of companies in various industries including software and technology, healthcare, employee benefit administration, manufacturing, and various service industries. Stacy has extensive experience in the design of operational control environments and assessing the effectiveness of internal controls in various operating environments, and in performing privacy assessments. She has been involved with over 1,000 SOC* engagements with Auditwerx and is certified in applying the 2013 COSO Internal Control – Integrated Framework and has the Advanced SOC for Service Organizations Certificate.
For the past 8 years, she has focused on the growth of Auditwerx and adding security compliance services for our clients.
BRIDGET BOSWELL
PARTNER
Bridget has more than 20 years of professional assessment experience in both financial reporting and internal control assessments. Her industry expertise includes the software and technology, construction, manufacturing & distribution, service, and not-for-profit sectors.
For the past 6 years, Bridget has specialized in SOC 1®* and SOC 2®* engagements for service organizations, assessing operational control environments and evaluating the effectiveness of internal controls. She has extensive experience with assessing employee benefits administration clients.
In addition, Bridget has performed multiple HIPAA assessments and various other attestation engagements to meet her clients needs.
Our team holds the industry-leading designations required to navigate today’s regulatory landscape. Whether you are a high-growth SaaS startup or a seasoned government contractor, we provide the specialized insight needed for:
Our virtual assessment process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our assessment engagement virtually and in real time. This is neither a “remote assessment” nor a “desk review,” both of which often involve electronic file transfers and little interaction with management. Instead, the virtual assessment includes dialogue with process owners virtually, captures and shares information electronically, and integrates technology seamlessly. We also offer the possibility of performing a hybrid assessment, whereby we reduce our on-site presence by supplementing it with virtual resources.
Our goal is to provide you with the same high-quality assessment services through more focused planning, with reduced distraction, and at a more cost-effective price point. Our virtual assessment process provides you with more access to our specialists involved in your assessment – regardless of your location.
Auditwerx utilizes a web-based, third-party, Engagement Management Platform (EMP). This solution acts as a secure portal that provides project completion and deadline driven status of the requests needed to complete the testing. This tool provides great clarity to clients in where the process is and what items are outstanding. The portal is inter-active and provides a messaging center and restriction of access to specific requests to authorized users.
This intuitive solution standardizes the information collection process, enhances client experiences while securely exchanging the necessary information and automatically managing workflow. Our proven process increases efficiencies, in a secure platform that enhances the client experience.
…Both operations and assessment teams executed the engagement flawlessly, on-time and on-budget. The Auditwerx team provided us with the necessary guidance, tools and knowledge...We would highly recommend Auditwerx services to organizations of all sizes and requirement complexities.
...Their team has brought a level of knowledge and professionalism that has been unmatched. Our company is required to undergo a number of assessments annually with various firms and Auditwerx has truly been a pleasure to work with...
...The assessment itself was thorough, but non-disruptive. The team was highly professional and very knowledgeable. We recommend Auditwerx...without reservation.
Absolutely. We specialize in integrated verification. By identifying the technical overlaps between frameworks like SOC 2®, HIPAA, and the NIST CSF, we can perform a single set of tests that satisfies multiple standards. This “Test Once, Report Many” methodology significantly reduces the time and administrative effort required from your internal team.
We serve a diverse range of clients, from high-growth SaaS startups and healthcare technology providers to established government contractors. Because we are a boutique division of a national firm, we have the flexibility to scale our approach based on your organization’s size, technical complexity, and specific stakeholder demands.
Every engagement begins with a technical scoping discussion. We review your current environment, your data flows, and your reporting goals to ensure we provide a tailored roadmap. If you are transitioning from another firm, we also review your previous reports to ensure a seamless handoff that maintains your reporting continuity.
Transitioning is a straightforward process. We review your previous reports and current environment to identify a streamlined path forward, ensuring your reporting window remains unbroken and your stakeholder requirements are met without interruption.
Software can find a setting, but only a human reviewer can understand the context of a control within your unique business model. This reduces false positives and ensures your report accurately reflects the strength of your security program.
Don’t settle for a generic compliance experience. Choose a team that brings technical depth, national resources, and a human-led focus to every engagement.
Fill out this form to schedule a free, no-obligation consultation with an experienced team member.
Tell us a little about what you need, and our team will schedule a no-pressure conversation. No obligations, just answers you need.
Form issues? Contact us directly at [email protected].
