Get transparent and thorough SOC examinations
System and Organization Controls (SOC) examinations allow clients to project confidence and provide independent assurance to current customers, prospects, and their financial statement auditors that processes and controls are sound.
Wipfli’s experienced auditors work collaboratively with clients to thoroughly complete the various types of SOC examinations.
Our SOC services
SOC for service organizations
These internal controls reports provide valuable information that users of outsourced services need to assess and respond to the risks over services provided by service organizations.
- SOC 1: We work with you to evaluate and document your internal controls over financial reporting.
- SOC 2: Secure a report on trust services criteria relevant to one or more of the following principles: security, availability, processing integrity, confidentiality and privacy.
- SOC 2 for HITRUST: Our team helps service organizations that desire to use the SOC 2 reporting framework to leverage both the SOC 2 Trust Services Principles and the HITRUST Common Security Framework (CSF).
- SOC 3: We can help examine and produce a general use report on your trust services criteria relevant to one or more of the following principles: security, availability, processing integrity, confidentiality and privacy.
SOC for cybersecurity
Evaluate and document your cybersecurity risk management program and related controls based on the AICPA cybersecurity reporting framework.
SOC for supply chain
We can help entities that produce or distribute products complete a SOC for supply chain report that describes their supply chain risk management efforts.
Cloud Security Alliance
Wipfli is here to help your organization meet the ever-changing security demands of the digital space and address the risks inherent in cloud-based environments. As an assessor firm within the Cloud Security Alliance network, we can help you evaluate your preparedness against the Cloud Controls Matrix, including readiness, agreed-upon procedures and a full SOC 2+ attestation engagement.
Featured Thought Leader
Carrie Connell, CPA
Carrie has over 15 years of experience in assisting clients with Sarbanes-Oxley Section 404 compliance for accelerated filers and smaller reporting companies, FDICIA compliance, and operational and financial internal audits. She helps both public and private financial institutions ready themselves for and comply with SOX/404 and FDICIA reporting requirements and provides ongoing consultative advice to clients to continuously improve their programs.
Janice E. Harden, CPA
Janice Harden is an internal audit senior manager in the risk advisory services practice and has been with Wipfli since 2017 and has over 19 years of internal and external audit experience in public and private organizations. She assists clients with internal audit services and Federal Deposit Insurance Corporation Improvement Act (FDICIA) and Sarbanes Oxley Act (SOX) implementation and compliance.
Jim Rumph, CISA, CISSP, CEH
Jim Rumph began his career in technology audit in 2006 and today works in our risk advisory practice specializing in Information Technology internal controls consulting. He oversees projects including information technology (IT) general control reviews, System and Organization Controls (SOC) 1 and SOC 2 examinations and internal IT control testing for clients in financial services and a variety of other industries.