Service Organization Controls (SOC) Reporting
The top service organizations recognize that
one of the most important things they can do for long-term success is to keep their customers confident that they have strong internal controls.
In June 2011 (for years ending after June 15, 2011), the new Service Organization Controls (SOC) reporting framework (formerly SAS 70), as issued by the AICPA, became effective. An examination performed by independent auditors typically indicates that a service organization has the types of controls that its clients care about. A clean SOC report can often mean the difference in securing key customers, differentiating from the competition and reassuring customers that their internal controls are properly designed, implemented and operating effectively.
New clients. New Opportunity. We can help. Contact Rob Miller at (617) 559-4490 or rmiller@thebravergroup.com to discuss which report is right for your organization.
Which SOC Report is Right for You? |
||
| Will the report be used by your customers and their auditors to plan and perform an audit or integrated audit of your customer’s financial statements? | Yes | SOC 1 Report |
| Will the report be used by your customers as part of their compliance with the Sarbanes-Oxley Act or similar law or regulation? | Yes | SOC 1 Report |
| Will the report be used by your customers or stakeholders to gain confidence and place trust in a service organization’s systems? | Yes | SOC 2 or 3 Report |
| Do you need to make the report generally available or seal? | Yes | SOC 3 Report |
| Do your customers have the need for and ability to understand the details of the processing and controls at a service organization (as they relate to security, confidentiality, processing integrity, availability and/or privacy), the tests performed by the service auditor and results of those tests? | Yes | SOC 2 Report |
| No | SOC 3 Report | |
