Establishing Credibility with Your Customers
If your business provides outsourced service functions like payroll, cloud computing, document management or many others, your customers may be looking for independent validation of your controls. This could be to satisfy their own Sarbanes-Oxley requirements or as part of their own internal due diligence on vendors. When many customers begin investigating your controls, you can satisfy multiple requests with a single SOC report.
High profile fraud cases come with heightened awareness of the need for internal controls. There is also increased concern over data protection as more companies offer cloud-based services in a Software as a Service (SAAS) model. We can provide an objective evaluation of how well information is protected so you can show your customers their data is in good hands.
We provide the following SOC services:
- SOC Readiness Assessment. The first time you have to do something, there is a level of fear involved. You can reduce that fear before you undergo your first SOC examination by seeing if your controls measure up.
- SOC 1 Report or Standards for Attestation Engagements No. 16 (SSAE 16). This is the replacement report for Statement on Auditing Standards (SAS) 70. There are two different SOC 1 reports that can be issued; both look at a service organization’s internal controls over financial reporting.
- SOC 2 Report. This is an evaluation of a service organization’s controls on data security, availability, processing integrity, confidentiality and privacy.
- SOC 3 Report. Intended for public use, this is a simplified version of a SOC 2 report.
Service Organization Controls Experience: As certified public accountants (CPAs), we uniquely understand the SOC requirements developed by the American Institute of CPAs. In addition, our team of auditors was involved in Statement on Auditing Standards (SAS) 70 and SSAE 16 reporting before it evolved into SOC reporting, and we have professionals with significant experience establishing and testing internal controls and IT controls.
Contact us to ask about our SOC services and how a SOC report may be the seal of approval you need to show your customers that you have effective controls over their information.
If you have questions about SOC reports, what they mean and their impact on various stakeholders, be sure to check out our SOC FAQs.