Wipfli logo

SOC Examinations

Governance, risk and compliance

Get transparent and thorough SOC examinations

System and Organization Controls (SOC) examinations allow clients to project confidence and provide independent assurance to current customers, prospects, and their financial statement auditors that processes and controls are sound.

Wipfli’s experienced auditors work collaboratively with clients to thoroughly complete the various types of SOC examinations.

Our SOC services

SOC for service organizations

These internal controls reports provide valuable information that users of outsourced services need to assess and respond to the risks over services provided by service organizations.

  • SOC 1:  We work with you to evaluate and document your internal controls over financial reporting.
  • SOC 2:  Secure a report on trust services criteria relevant to one or more of the following principles: security, availability, processing integrity, confidentiality and privacy.
    • SOC 2 for HITRUST: Our team helps service organizations that desire to use the SOC 2 reporting framework to leverage both the SOC 2 Trust Services Principles and the HITRUST Common Security Framework (CSF). 
  • SOC 3:  We can help examine and produce a general use report on your trust services criteria relevant to one or more of the following principles: security, availability, processing integrity, confidentiality and privacy.

SOC for cybersecurity

Evaluate and document your cybersecurity risk management program and related controls based on the AICPA cybersecurity reporting framework.

SOC for supply chain

We can help entities that produce or distribute products complete a SOC for supply chain report that describes their supply chain risk management efforts.

Cloud Security Alliance

Wipfli is here to help your organization meet the ever-changing security demands of the digital space and address the risks inherent in cloud-based environments. As an assessor firm within the Cloud Security Alliance network, we can help you evaluate your preparedness against the Cloud Controls Matrix, including readiness, agreed-upon procedures and a full SOC 2+ attestation engagement.

Featured Thought Leader

Durward J. Ferland, Jr., CISA, CISM, CRISC

Durward has extensive knowledge of System and Controls (SOC) auditing and the Control Objectives for Information and Related Technology (COBIT). Leveraging over 18 years of IT experience, he also regularly performs IT audits, IT general control reviews, and readiness assessments for organizations across many industries.

Durward Ferland, Partner, South Portland, Maine
Full Profile
Contact Us

Mary Beth Marchione, CPA, CISA, CISSP

Mary Beth Marchione is a senior manager with over 12 years of experience in risk advisory services related to information technology (IT) audits, System and Organization Controls (SOC) reports, regulatory reporting and risk mitigation.

Mary Beth Marchione
Full Profile
Contact Us

Need a SOC examination?

Even if you’re unsure which one suits your needs, simply complete the form below and one of our professionals will contact you:

SOC exams for user entities
Everything you need to know about SOC audits, from when to ask a service provider for one to how to read an SOC report
Download white paper
Featured Insight

Top 3 SOC report exceptions and how they impact your auditor opinion

These are the three common categories of SOC report exceptions we see, plus how they impact your SOC auditor’s final opinion.

Read More
News
12/20/2022
Wipfli joins Cloud Security Alliance
Read All Wipfli News