DIY SOC #5 | SOC Readiness Assessments | SOC Reporting

Robert Ramsay: Hello, welcome, and thank you for joining us for another Barnes Dennig SOC Report Readiness Assessment DIY Do-It-Yourself video. This is a pretty short one. We’re talking about Section 5, what’s often called Section 5, other
information not audited by the auditors. Bryan, what does section 5 do for you when you have one in the SOC report?

Bryan Gayhart: Yeah, so, like you said, it’s just other information. Right? So, for me, I just make sure it does line up with what’s in the description, so what’s in section 3, and that it doesn’t paint a different picture than what the service organization’s offering. And a lot of times, I’ll see section 5 they may include, maybe they had testing exceptions, and they wanted to put their response, they’ll put that in section 5.

Maybe they’re planning to move data centers or add an office, acquire a company, maybe they were acquired, they’ll put those sorts of things in section 5. So not necessarily key to the service offering, but just other information that the service organization feels is important to the readers. That’s what I typically see. What about yourself?

Robert Ramsay: Yeah, very good. SOC 1 on financial reporting will often add their disaster recovery or business continuity since it doesn’t really impact your debits and credits, but you think your customers care about it. So it’s pretty common for a
SOC 1 to have that. But you nailed it. That’s exactly what we see, some forwardlooking things they might change in the future. And I’m with you. We want to make sure it’s reasonable, and it’s not outlandish, but we’re certainly not going
to test it.

Bryan Gayhart: Before I flip to page 100 and find section 5, where can I find it in the report that would tip me off that there is a section 5?

Robert Ramsay: Most reports will have a table of contents, and that’ll let you know. Is that what you’re referring to?

Bryan Gayhart: No, I was going for the auditor’s opinion. Right? So in the third paragraph or so, the audit opinion’s required to include that section 5 describes whatever it’s describing and that it was outside the scope of the engagement.

Robert Ramsay: Very good, another place to find it. Awesome. Anything else?

Bryan Gayhart: No, I think that covers it. Section 5’s pretty easy. Pretty short and sweet.

Robert Ramsay: Perfect. Thanks for your time today, Bryan. And thank you for listening to our video, watching us on our video. Please call, click, subscribe, send questions. We’re happy to have a dialogue or help in any way we can.

AICPA SOC logo

Need a SOC report? Talk with one of our top SOC

reporting pros and find out which solution is right for you.

Apply Now