SOC Reporting | SOC Audit and Compliance

BUILD CONFIDENCE WITH YOUR CUSTOMERS AND STAKEHOLDERS

In an unpredictable economy, all organizations—especially those that are service based—need to demonstrate that they have control of information passing through their organization. Having strong internal controls over processes is essential to customers who are relying on your services, and obtaining a SOC® report will offer that confidence to not only your customers, but all of your stakeholders as well.

When you trust Sikich to perform a SOC® engagement, you will receive a report to relay information to your customers and demonstrate your commitment to internal controls and effective operations.

HELPING YOU NAVIGATE YOUR SOC REPORT OPTIONS

Service auditor reporting has evolved in recent years into a framework of three System and Organization Controls (SOC®) reports. This change provides service organizations the opportunity to select the most appropriate reporting option for their customers, depending on their specific needs. In general, the new service auditor reporting framework is focused as follows:

SOC 1®
A SOC 1® examination is focused on the controls related to financial statement reporting. Companies that have outsourced critical functions that impact financial reporting need to assess controls over outsourced functions in the same manner as if activities were performed in-house; therefore, they typically require a SOC 1® report. Management of the service organization is required to provide a “written assertion” for inclusion in the report.

SOC 2®
The SOC 2® report has been designed to address controls other than those relevant to financial reporting; this report is often most appropriate for technology and cloud service providers. This audit is governed by a set of Trust Services Principles and Criteria that include Security, Availability, Processing Integrity, Confidentiality or Privacy. This is a restricted-use report, intended for management, customers, and their financial auditors.

SOC 3®
The SOC 3® report covers the same subject matter as SOC 2® (i.e., the Trust Services Principles and Criteria), but provides a simple, publicly available report as the final deliverable.

Are you considering a report?

Have your customers requested independent, third-party verification of your internal control environment or access to your facility to perform audit procedures? Or are you looking into a report for competitive reasons? No matter the reasoning, Sikich can help your team navigate the reporting options and determine the best fit for your organization.