As compliance demands grow more complex, organizations are under pressure to prove trust faster, meet overlapping requirements, and do it all without overwhelming their teams. That’s especially true for companies navigating multiple frameworks at once—whether that’s SOC 2, ISO, PCI, HITRUST, FedRAMP, CMMC, HIPAA, or others.
In this edition of Partner POV, we’re spotlighting Baker Tilly, a leading national advisory, tax, and assurance firm. Known for its industry-first approach and deep bench across accounting, finance, tax, and compliance, Baker Tilly helps organizations simplify complex assurance and compliance challenges while improving efficiency across the business.
We spoke with Jared James, Principal at Baker Tilly, about what clients are struggling with most right now, where the market is headed, and how organizations like Drata can pair compliance automation with Baker Tilly’s advisory and assurance experience to help organizations move from reactive audit prep to proactive compliance management.
More Frameworks + Higher Expectations = Less Room for Inefficiency
According to Jared, customers are facing a familiar but intensifying reality: vendors and service providers are being asked tougher questions about information security, internal controls, and operational maturity. At the same time, many organizations are expanding globally and finding themselves accountable to multiple standards and frameworks at once.
The assumption, Jared noted, is often that combining efforts across frameworks and reporting requirements, like ISO, SOC, FedRAMP, HITRUST, and CMMC, will automatically create major efficiency gains.
In practice, that’s not always how it works.
Each framework exists independently for a reason. While there may be overlap, they are fundamentally different in what they require and how organizations are expected to demonstrate compliance. That creates complexity for everyone—from early-stage startups trying to pass third-party risk assessments to large enterprises managing broad, resource-intensive compliance programs.
That’s where Baker Tilly comes in. The Baker Tilly team works with organizations to identify opportunities for alignment across frameworks, reduce unnecessary duplication, and build scalable compliance programs tailored to the organization’s size, industry, and risk profile.
Compliance Should Follow Good Processes (Not Create More Overhead)
One of the clearest themes from our conversation with Jared was this: organizations don’t just want to know what is required. They want to know how to meet those requirements without overengineering their compliance programs or draining internal resources.
Baker Tilly approaches each engagement as an opportunity to help clients calibrate. That means identifying where controls or processes may be underbuilt—and just as importantly, where they may be overbuilt.
Their philosophy is simple: compliance should be embedded into strong operational processes rather than treated as a separate administrative exercise.
Rather than encouraging documentation for documentation’s sake, Baker Tilly works with clients to create efficient, practical programs that support both audit readiness and day-to-day operations. The goal is to help organizations build sustainable governance practices that scale alongside the business.
An Underestimated Trend: Why AI Risk Extends Past Privacy
When asked what shift the market may be underestimating, Jared pointed to a topic that’s everywhere right now: AI.
While many organizations are beginning to think seriously about privacy implications, Baker Tilly sees a broader set of AI-related risks that deserve attention. That includes:
Establishing governance around AI-assisted workflows and decision-making
Validating AI-generated outputs and maintaining appropriate human oversight
Building internal processes for testing, review, and accountability
Helping employees understand where human judgment remains essential
In other words, the risk conversation can’t stop at data privacy. Organizations also need stronger governance around how AI is used, how outputs are checked, and where human judgment remains essential.
How Drata’s Proactive Visibility Enhances Scalability for Baker Tilly Clients
For many organizations, the true state of their compliance program doesn’t become clear until the audit is already underway. And by then, the leading indicator often becomes the number of findings.
Jared shared that, for clients using Drata, one of the biggest advantages is improved ongoing visibility into control environments between audit cycles. This allows organizations to identify and address potential gaps earlier, complementing broader readiness and compliance efforts.
For organizations using Drata, Baker Tilly can help clients:
Understand common audit expectations and documentation needs
See where controls are strong—and where they need attention
Identify low-effort opportunities to improve compliance hygiene
Focus on higher-risk areas before they become audit issues
Build practical roadmaps from good, to better, to best
That proactive visibility is especially valuable for organizations trying to scale their programs across multiple frameworks without creating more manual work.
Where Customers See the Most Value
Jared pointed to several Drata features and capabilities that consistently resonate with Baker Tilly clients, especially when paired with guidance from experienced audit professionals:
Continuous control monitoring
Tech stack integrations with real-time information
Automated evidence collection
Vendor risk management/TPRM workflows and documentation
Built-in Trust Center capabilities
Auditor collaboration
These features help reduce the burden of audit prep while giving organizations a clearer, more continuous view of their compliance posture.
One standout example came from a Baker Tilly client with a highly manual vendor management program. It was difficult for the team to stay on top of ongoing evaluations and understand what mattered most during reviews. Baker Tilly worked with the client to evaluate Drata’s vendor risk management capabilities, helping the organization bring more structure, visibility, and consistency to its third-party risk management efforts.
The Impact: Fewer Surprises, Faster Audits, Stronger Outcomes
For organizations that implement Drata effectively, Baker Tilly has seen meaningful operational improvements.
Jared highlighted outcomes including:
Faster time to report issuance
Greater efficiency in evidence collection
Fewer manual handoffs during audit preparation
Reduced likelihood of unexpected findings
In one example, a Baker Tilly client managing three different SOC reports had a deeply manual process that typically took five to six months from start to finish. After implementing Drata and shifting to a more continuous approach to evidence maintenance, the organization significantly improved its evidence collection process and reduced the overall timeline to about two months.
That kind of acceleration doesn’t just make audits more manageable—it frees up internal teams to focus on improving controls, supporting the business, and planning ahead.
Managing Complexity Across Multiple Audits and Different Frameworks
As compliance programs become more complex, Baker Tilly sees growing demand for tools that help organizations stay ahead of multiple audits, multiple frameworks, and increasing stakeholder expectations in a more centralized and sustainable way.
Jared emphasized how Baker Tilly values Drata’s responsiveness to feedback and ongoing investment in new features and workflows. Looking ahead, the team is especially excited about helping clients use Drata to manage the growing complexity of maintaining multiple audits across different frameworks—without losing visibility, consistency, or control.
Combining Advisory Insight with Compliance Automation
Baker Tilly’s familiarity with Drata has evolved alongside customer demand for compliance automation. What began as a connection around tool usage and interpretation has grown into a broader understanding of how clients use compliance automation to support readiness and ongoing compliance.
That evolution reflects a broader reality in the market: organizations don’t just need software, and they don’t just need auditors. They need the right combination of technology, expertise, and process guidance to build compliance programs that are sustainable, scalable, and ready for what’s next.
With Baker Tilly’s deep framework expertise and Drata’s Agentic Trust Management Platform, customers are better equipped to streamline audits, reduce manual effort, and better understand their compliance posture before the stakes get higher.
Organizations looking to simplify compliance across frameworks, improve audit readiness, and create more transparency across their controls environment can build a more proactive and sustainable approach by pairing compliance automation with experienced advisory and assurance guidance.
Ready to get started? Connect with the Baker Tilly team and schedule a demo with Drata today.