How Sinch modernized their audit process with Thoropass

Most compliance teams have defaulted to the mindset that audits are, by nature, painful—a necessary evil that the organization must survive. But what if that mindset is exactly what’s holding your business back?

“I’m sure that sounds bold coming from someone who’s lived through SAS 70, SSAE 16, ISAE 3402, and everything in between,” says Dan Ross, Director GRC at Sinch. “But I’ve seen firsthand exactly how audits can drain time and energy without adding much value.” 

That’s exactly what Ross’s team was experiencing at Sinch. For years, Sinch’s audits were an annual fire drill that left its GRC team burnt out and its stakeholders frustrated. But now, after rethinking its approach to audits, Sinch’s team understands that there’s a better way. The company’s audits run smoothly, take less time, and even help the business move faster and more efficiently. 

Here’s how they got there—and what they wish they’d done sooner.

The old way: when audits were a nightmare

Before its transformation, Sinch’s audit process was everything you’d expect from a broken system. Audits stretched three to four months, sometimes longer. The GRC team was drowning in nearly 400 lines of evidence requests, creating confusion and inefficiency at every turn.

Ross had his entire GRC team stepping outside of their defined roles to function as project managers, desperately trying to sell the SOC 2 program to individual department leaders—and hoping their commitment would filter down to their respective teams. 

“We built our own makeshift auditing platform using internal Google spaces, creating folders and trying to wrangle evidence from teams who had no idea what auditors actually needed,” Ross says.

Sinch’s auditor relationship at that time was completely impersonal. Its previous firm (a step down from the Big Four, Ross notes, but still a major player) had zero interest in learning about Sinch’s story or understanding its unique challenges. Instead, they showed up for audits with a checklist mentality: Give us what we ask for, exactly how we ask for it, and don’t expect us to care about your business context.

The burnout was real and devastating. Ross says he lost one of his best employees—his first hire from when the company was still called Mailgun and the GRC team was still a two-person operation. 

“Right before our 2024 audit, she resigned, telling me point-blank: ‘I can’t go through it again,’” Ross says.

This was someone who knew Sinch’s systems inside and out. But the stress of managing hundreds of evidence requests, constant spot checks, and months of pre-audit preparation had pushed her to the breaking point.

When you’re spending six to seven months of the year either preparing for, going through, or recovering from audits, you’re not building strategic value—you’re just treading water.

The shift: recognizing the need for a partner, not just an auditor

The loss of Ross’s valued employee put him on the hunt for an alternative solution. 

“Honestly, we got a bit lucky with our transition,” he says. “Right around the time Sinch’s contract was ending with its previous auditor, Thoropass came across my desk through a connection.”

What sold Ross after just an hour of conversation was hearing about Thoropass’s unique approach to the entire audit relationship. They weren’t only asking what evidence Sinch could provide—they wanted to understand Sinch’s overall business, its growth trajectory, and how compliance could help them achieve their goals instead of holding them back.

“For the first time, I felt like my input mattered,” Ross says. “After two decades in this space, I had a battle-tested perspective on what works and what doesn’t in audits and compliance.” 

The Thoropass team didn’t just listen—they actively incorporated Ross’s feedback into how they structured Sinch’s engagement. As a result, Ross felt like he was working with a partner who understood that auditors need to maintain independence while still being collaborative.

Breaking down the ‘how’: process, people, and technology

Sinch’s audit transformation happened across three critical dimensions: How the company structured its processes, how it realigned the GRC team’s role, and how technology enabled new efficiencies.

Process

Thoropass enabled a completely different philosophy about evidence collection. Instead of 400 scattered requirements, they focused on essential controls that actually mitigate risk. The company’s auditors understood the minimum requirements and asked Sinch for exactly what was needed, nothing more.

The platform allowed direct task assignment, eliminating the telephone game Ross’s team was used to playing. With cross-team clarity, everyone could see exactly what was needed, submit evidence directly, and get real-time feedback about whether submissions met requirements.

People 

Sinch’s GRC team transitioned from being project managers constantly chasing evidence to becoming strategic advisors. “Instead of saying, ‘You need to submit this by Friday,’ we could say, ‘Here’s what the auditors are looking for, and based on our experience, this approach will save you time and reduce back-and-forth,’” Ross says.

That role shift saved Sinch headcount and dramatically reduced team burnout. When teams had questions, they could get expert guidance rather than generic project management. When they submitted evidence, Thoropass could quickly assess whether it would meet auditor expectations and suggest improvements before formal submission.

Technology

The Thoropass platform created visibility and accountability that Sinch’s old Google Drive folder system could never match. Automated monitors flagged potential issues before they became audit findings. Teams could track their progress, see dependencies, and understand how their work fit into the bigger compliance picture.

But here’s what really set it apart: The platform facilitated better communication between auditors and Sinch’s internal teams. Thoropass auditors came prepared with specific, relevant questions. They understood Sinch’s industry and technology stack well enough to have productive conversations, instead of sending the GRC team on fishing expeditions.

The strategic impact: from cost center to competitive advantage

The transformation enabled by Thoropass delivered results that went far beyond “easier audits.” Sinch successfully shifted from viewing compliance as a necessary cost center to recognizing it as a strategic enabler that could accelerate growth, reduce operational friction, and strengthen stakeholder confidence.

Operational efficiency

Sinch’s audit timeline compressed significantly. What used to be three to four months of intensive fieldwork became a much more streamlined process. More importantly, the year-round burden was lifted. Instead of spending half of the year in audit preparation and recovery mode, Ross’s GRC team could focus on continuous improvement and strategic initiatives.

Market expansion and sales velocity

When Sinch acquired Mailgun, Ross’s team went from managing SOC 2 for three products to eventually expanding across nine or ten products—without adding headcount. 

With its old auditing approach, that expansion would have been operationally impossible. But with streamlined processes, Sinch could respond agilely to customer demands for SOC 2 certifications on specific products. 

New market entry became faster because the company wasn’t bottlenecked by compliance readiness. Sales cycles shortened because prospects had confidence in Sinch’s security posture from day one.

Internal and external trust

Sinch’s improved audit experience strengthened relationships across the board. Internal teams stopped dreading audit season because the process became predictable and respectful of their time. External auditors developed a genuine understanding of Sinch’s business context, leading to more relevant recommendations and fewer surprise findings.

Engineering leaders were no longer frustrated by auditors who clearly didn’t understand the company’s platforms or industry dynamics. Instead, they engaged in productive conversations with auditors who asked informed questions and kept meetings focused and brief.

The lesson: audits can be strategic assets

If you’re reading this thinking, “This sounds too good to be true,” Ross understands the skepticism. 

“I spent years blindly accepting that audits needed to feel difficult and painful,” he says. “But here’s what I’ve learned: The quality of your audit experience is directly tied to the quality of your audit partner.” 

Auditors who see their role as checking boxes will deliver a checkbox experience. Audit partners who understand that compliance should enable business growth will help you build systems that support both objectives.

The employee Ross lost to audit burnout? She still reaches out occasionally. He tells her how much better things are now. “Maybe someday she’ll believe it enough to come back,” he says. “In the meantime, I can have peace of mind that no one on my current team will ever have to make that choice between their well-being and their job.”

If your audits feel like something you have to survive rather than leverage, it’s time to rethink your approach. The right partner won’t only make audits more bearable—they’ll help you build compliance into a competitive advantage.Ready to explore what modern audit management looks like for your organization? Talk to a Thoropass expert about transforming your audit experience.