
This is clearly false from what I've seen. If you read the source Substack article and look through the list of auditors they have, it is impossible to trace down who the US-based CPA is that's issuing the report. These firms, for all intents and purposes, do not really exist. They use shell addresses in Wyoming and Texas that are registered agent offices, etc.

But really all you have to do is look at the reports themselves. They are so shoddily written that it's hard to believe any legitimate firm would issue them. If you Ctrl F for Clueley in this thread, you will see my comment with a sample excerpt from the assertion of management for one of their reports.




Present assurance definitely exists in the US. Outside of Delve, I have seen their reports for Vanta and it's the same. It was 95% policy inspections and 5% looked at a GRC tool.

I assume you mean this "Prescient Assurance"? As detailed in this section of the post?

6.7 Misled auditor - Prescient

With this conclusion:

Looking at that report, there are clear signs that Delve either knowingly misled Prescient, or that Prescient accommodated Delve’s deficient process. Given their reputation and by the small number of Delve/Prescient reports out there, I’m assuming it is the former.


I've used Prescient in the past and found them on par with others. Policy evidence is at most about 30%. Everything else is show-don't-tell. Either live screen shares, screenshots, non-policy documentation, or evidence from a shared vendor that's integrated into the environments and security tools (like Drata).


