Provide a higher level of confidence to clients and prospects with a Service Organization Controls exam. With a clear, thorough and collaborative approach, experienced auditors work with clients to create and document processes that adhere to guidelines in the three SOC Reports.
- SOC 1 Report: User Entities Internal Control Over Financial Reporting
- SOC 2 Report: Security, Availability, Processing Integrity, Confidentiality, and Privacy
- SOC 3 Report: Trust Services
Key issues like security, availability, confidentiality, processing integrity, and privacy are reviewed and documented. Reports on each of three SOC guidelines provide customers, financial statement auditors and stakeholders critical confidence-building information on:
- The auditors’ report on internal control effectiveness
- A detailed description of the existing system
- Suitability of the design of current controls to meet key objectives
- Management controls
- Suitability of the operation of current controls
- Managements’ assertion on the suitability of controls
- Auditors’ test of controls and results
In summary, a SOC allows clients to confirm they are the right outsource option by projecting confidence and providing independent assurance to current customers and their financial statement auditors that processes and controls are sound.
Which Report is Right for Your Stakeholders?
To help you determine which SOC report or reports will best meet the internal control assurance needs of your stakeholders, we have developed the following decision tree. When combined with conversations with your Wipfli relationship executive, it can help you successfully make the right decision.
Robert D. Cedergren, CPA, CGMA, CITP, CISA, CISSP, CISM, CGEIT, CCSFPBob is the leader of Wipfli’s risk advisory services practice. Leveraging his 20+ years of experience, Bob provides consulting services to clients in the areas of risk management and is a frequent speaker and author on risk management-related topics including risk assessments, business continuity planning, and management of internal controls.