Get transparent and thorough SOC examinations
System and Organization Controls (SOC) examinations allow clients to project confidence and provide independent assurance to current customers, prospects, and their financial statement auditors that processes and controls are sound.
Wipfli’s experienced auditors work collaboratively with clients to thoroughly complete the various types of SOC examinations.
Our SOC services
SOC for service organizations
These internal controls reports provide valuable information that users of outsourced services need to assess and respond to the risks over services provided by service organizations.
- SOC 1: We work with you to evaluate and document your internal controls over financial reporting.
- SOC 2: Secure a report on trust services criteria relevant to one or more of the following principles: security, availability, processing integrity, confidentiality and privacy.
- SOC 2 for HITRUST is Our team helps service organizations that desire to use the SOC 2 reporting framework to leverage both the SOC 2 Trust Services Principles and the HITRUST Common Security Framework (CSF).
- SOC 3: We can help examine and produce a general use report on your trust services criteria relevant to one or more of the following principles: security, availability, processing integrity, confidentiality and privacy.
SOC for cybersecurity
Evaluate and document your cybersecurity risk management program and related controls based on the AICPA cybersecurity reporting framework.
SOC for supply chain
We can help entities that produce or distribute products complete a SOC for supply chain report that describes their supply chain risk management efforts.
Featured Thought Leader
Robert D. Cedergren, CPA, CGMA, CITP, CISM, CISA, CGEIT
Bob is the leader of Wipfli’s risk advisory services practice. Leveraging his 20+ years of experience, Bob provides consulting services to clients in the areas of risk management and is a frequent speaker and author on risk management-related topics including risk assessments, business continuity planning, and management of internal controls.
Torpey White, CPA, CITP, CISA, CGMA
Torpey has more than 25 years of experience in public accounting and the private sector. He applies his extensive experience in risk advisory services to assist clients in protecting and tailoring their business environment to mitigate risk, identify trends, increase efficiencies, and gain a competitive advantage.
Durward J. Ferland, Jr., CISA, CISM, CRISC
Durward has extensive knowledge of System and Controls (SOC) auditing and the Control Objectives for Information and Related Technology (COBIT). Leveraging over 18 years of IT experience, he also regularly performs IT audits, IT general control reviews, and readiness assessments for organizations across many industries.