Instead of making statements about how the WebTrust Practitioner system is supposed to operate, can you, in simple terms of a yes/no, state if the Princeton Audit Group was a certified auditor at the time they did the audit (since the CPA Canada website only provides a current listing and not previous entries that have expired/been decertified), and what evidence you have if you claim that they were? Surely you have evidence you used an accredited auditor, right?
Also, this lack of historical data seems like a pretty significant failure on the part of CPA Canada, perhaps someone should start archiving https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/licensed-webtrust-practitioners-international at regular intervals? Ditto for the other countries/etc. Sigh.

On Tue, Dec 6, 2022 at 11:50 AM Rachel McPherson <[email protected]> wrote:

> Hello Joel,
>
> If CPA Canada or WebTrust had any reason to believe he was not duly
> accredited, they would not have affixed their WebTrust seal, which only
> they can do.
>
> Princeton Audit Group was listed as a WebTrust Practitioner on the CPA
> Canada website up until a few days ago and they update it quite regularly,
> probably based on who's paid their fees for the year.
>
> Best Wishes & Warmest Regards,
>
> Rachel
>
> On Dec 6, 2022, at 1:07 PM, Prof. Reardon <[email protected]> wrote:
>
> Hello all:
>
> In a previous thread I shared some concerns about a root CA, a followup
> message from Ryan at Google indicated a number of auditing peculiarities
> [1]. The auditor, Princeton Audit Group, seemed to have done limited work
> as an auditor, the auditor described the CA operation in a different
> location than the attestation, and that the auditor was only licensed in
> the USA.
>
> Since then it has come to my attention that the auditor's firm appears to
> have not had a license since June 30th, 2021 [2]. Despite that, it provided
> audits for the TrustCor CA in November 2021 [3].
>
> I reached out to CPA Canada about this. I haven't heard back yet, though I
> have noted that Princeton Audit Group no longer appears to be listed as a
> WebTrust practitioner [4].
>
> During the prior conversation [1], Watson made a great point, which is
> that rotating auditors is a good defence against excessive chumminess and
> normalization of deviance, and that SOX requires rotating auditors for
> public firms and that this may be a worthwhile addition to the guidance
> for CAs. I wanted to make sure that didn't get lost and echo that such a
> future requirement makes sense to me as well.
>
> Thanks,
> Joel Reardon
>
> [1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/
> (5th post)
>
> [2] https://newjersey.mylicense.com/verification/
> (do business search for Princeton Audit Group, which gives a license
> number of 20CB00580700 with inactive status)
>
> [3] Three of them:
> https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=c8857fc5-b201-4c4c-8717-f455b10ff5bc
> https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=459d2155-e50c-4497-929c-ee8a57f77708
> https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=b18568ae-e794-48be-aa54-c86b6411179a
>
> [4] https://www.cpacanada.ca/en/business-and-accounting-resources/audit-and-assurance/overview-of-webtrust-services/licensed-webtrust-practitioners-international
>
> --
> You received this message because you are subscribed to the Google Groups
> "[email protected]" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/12160e2e-0d14-4df7-ae87-890d2cf949b3n%40mozilla.org
> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/12160e2e-0d14-4df7-ae87-890d2cf949b3n%40mozilla.org?utm_medium=email&utm_source=footer>.

--
Kurt Seifried (He/Him)
[email protected]
