Ann Cleland

Ann is a partner at HORNE Cyber where she oversees all aspects of cyber assurance services. Ann’s depth of knowledge in assurance covers service to a variety of clients in both external and internal audit capacities including governmental A-133 audits; and in industries as diverse as real estate, healthcare, nonprofit, retail and manufacturing.
Find me on:

Recent Posts

Mar 15, 2018 10:00:00 AM

What You Need to Know About the SEC’s New Cyber Guidance

During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the last several years. The financial impact to companies to prevent and then respond to a breach cannot be overstated.

Topics: Cyber Assurance Insights, Cyber SOC, risk management

Feb 27, 2018 1:04:33 PM

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted with the global standards highlighted below:

Topics: Cyber Assurance Insights, Compliance, Cyber SOC, SOC for Cybersecurity, SOC 1 Audit, cybersecurity, securing your data

Feb 2, 2018 4:06:23 PM

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of federal entities. However, NIST 800-171 serves as a best practice for controls for privacy and security for many types of unclassified data.

Topics: Compliance, NIST 800-171, Cyber Regulations, IT GRC, Cyber GRC, Cyber Assurance Insights

Jul 25, 2017 10:02:00 AM

What You Need to Know About Cyber Regulations

Everyone hears about cyber risk, but not everyone is aware that that the federal government is taking steps to help protect public companies and investors from malicious hackers.  Recently, the Senate moved forward a bill requiring public companies to 1) name a cyber security expert on the board or 2) explain the other cyber security steps taken if no board member has cyber security expertise (the Cybersecurity Disclosure Act of 2017).  The bill has bipartisan support and is a common sense next step.  This bill is very similar to the requirement that came out of SOX that required a financial expert on audit committees. 

Topics: Cyber Assurance Insights, Cyber Regulations

Jul 20, 2017 10:37:00 AM

Better, Faster, Cheaper? What Audit Clients Should Expect from Next Generation Audits

The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now as auditors can and will be accomplished by machines in the not too distant future. Oddly enough for a client service profession, the topic of how these changes will impact our clients has never come up. A quick Google search shows no articles or information on what audit clients should expect to experience in the next 3-7 years. With all the focus on our profession, processes and standards, we’ve lost focus on the most important part of our services: the client.

Topics: Next Gen Audits, Audit of the Future

Jun 23, 2017 7:05:00 AM

Four Steps to Managing Vendor Security

Target. Home Depot. Wendys.  The stories of significant cyber breaches are in the headlines every day.  Board members and CEOs are growing more and more concerned about cyber risk management in their organization.  But most don’t realize that each of the three breaches listed above were linked to 3rd party service providers and business associates.

Topics: Cyber Assurance Insights, SOC for Cybersecurity

May 17, 2017 10:31:00 AM

Cyber SOC – What Board Members Need to Know

The AICPA has issued its much awaited standard on cyber security.  The new guidance, referred to as the “Cyber SOC,” allows CPA’s to audit a company’s cyber security.  In the past, organizations relied on various consultants, internal resources, and sometimes just plan luck, in identifying and mitigating cyber risks.  The Cyber SOC fundamentally changes how cyber threats are evaluated and managed.  It allows for an independent, objective look at an organizations processes, policies and controls around cyber risks. 

Topics: Cyber Assurance Insights, Cyber SOC

May 16, 2017 10:00:00 AM

President Trump's Cybersecurity Executive Order: What You Need to Know

Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning and raises the question:  what is the US doing about cyber security?

Topics: Cyber Assurance Insights, Cybersecurity Executive Order

Mar 30, 2017 10:05:00 AM

Audit Risk in Penetration Tests: What You Should Know

Cyber risk is prevalent in almost every business today. Any business which has a web page, keeps information online, or uses the cloud is at risk for a cyber breach. It’s very interesting to me that these risks are so significant and widespread, but are rarely considered in an audit or internal audit engagement. The AICPA is working on a much awaited framework for evaluating and reporting cyber risks. In the meantime, auditors should begin to familiarize themselves with ways to identify and mitigate cyber risks.

Topics: advanced penetration testing

Feb 21, 2017 9:15:37 AM

R.I.P. VCRs: Lessons in Disruption for the Audit Industry

I was shocked to learn the last VCR rolled off the assembly line in July 2016. I remember my family buying our first VCR – the magic of being able to watch any one of our 6 cassette movies at any time, pausing when you needed a break, fast forwarding through the boring parts. It was a miracle and changed how we watched. As I reflected, I’m even more shocked that VCRs were still being made as recently as last year. Movies, television, “content” are all available on any live streaming device. I watch movies on my phone from the air when I travel. It’s a far cry from the good old days of Betamax. The accounting profession is facing the same type of changes as VCR manufacturers. Tax services have already seen the impact of technology with the advent of tax return software. Audit has been a little slower to be impacted – but believe me when I say change is coming. Technology is currently available that allows for automation of a lot of what our staff accountants did as recently as last year. Lead sheets, roll forwards, analytics and even financial statements can be prepared with a click of a few buttons.