Automating SOC 2 Audit Workflows

Diving deeper into

Sam Li and Austin Ogilvie, co-CEOs of Laika, on the compliance-as-a-service business model

Interview
these audits are being done by accountants with very old school technology.

The real wedge in compliance software is not helping startups fill out forms; it is turning a manual audit factory into software-assisted throughput. Legacy SOC 2 work was often done with screenshots, spreadsheets, email threads, and even onsite evidence collection, which made audits slow, expensive, and inconsistent across firms. Laika’s push to equip auditors directly points at the bottleneck where compliance platforms can control cycle time, quality, and eventually more of the economics.

  • Before automation, SOC 2 audits often cost $50,000 to $100,000 and could take more than a year. Auditors might show up in person, ask for screenshots and policy docs, and manually map that evidence to controls. That old workflow created the opening for Laika, Vanta, and others to pipe system data straight into the audit process.
  • The key product change is that auditors see the same underlying data the company already connected, from cloud systems, HR tools, code repos, and devices, but organized in audit language. That lets smaller audit firms lower price per engagement while finishing more engagements, which raises throughput even if revenue per audit falls.
  • This is also why the market split. Pure software players like Vanta and Drata focus on evidence collection and continuous monitoring, while Thoropass, formerly Laika, moved further into integrated audit and services. The more a company owns the auditor workflow, the more it can compress turnaround time, but the less its margins look like those of a pure software business.

The market is heading toward continuous compliance, where the audit becomes a periodic check on data that is already being collected every day. That shifts value away from accountants assembling evidence by hand and toward platforms that own integrations, auditor workflow, and adjacent products like vendor reviews, trust centers, and penetration testing.