PRIMARY CONTACT: Eric M. Wright CPA, CITP
System and Organization Controls (SOC) reports (formerly SSAE 16, SAS 70 report) are examinations provided by CPAs in connection with system-level controls of a service organization or entity-level controls at other organizations.
Business owners need to ensure sensitive data is protected, especially as it relates to financial and personally identifiable information (PII) and protected health information (PHI) of customers. Organizations also continue to face pressure from regulators and customers to demonstrate that adequate controls are in place with respect to the processing of transactions and internal controls over financial reporting. Government regulations, including Section 404 of the Sarbanes-Oxley Act of 2002 (SOX 404), Gramm-Leach-Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPAA) stress the need for effective internal controls. System and Organization Controls (SOC) examinations provide management with assurance regarding the effectiveness of an organization’s internal controls, while also providing insights for opportunities to improve internal controls and risk mitigation activities. Further, standard contracts typically require organizations to attest to the effectiveness of their internal controls. Obtaining a SOC report has become increasingly relevant for organizations of all sizes, as the resulting report can be provided to customers and prospective customers to demonstrate that effective internal controls and related safeguards have been implemented.
Ensuring the company has robust internal controls and policies and practices in place is essential. In fact, many may expect to see a SOC report before doing business with a company. This examination (often referred to as a “SOC audit”) verifies that the controls, processes and procedures have been tested and indicates whether controls are effective. Some organizations may desire a SOC 1 examination, while others will obtain more value from a SOC 2 or SOC 3 report. Whatever the desired level of assurance, it’s important to work with an experienced provider to drive the process.
Schneider Downs provides SOC examinations nationally to over 100 clients annually in a variety of industries. Our dedicated group of professionals spend the majority of their time providing services related to the evaluation, optimization and testing of internal controls and control environments in support of SOC reports, internal audit co-sourcing or outsourcing, Sarbanes-Oxley Section 404, and several other RAS practice offerings.
Learn more about our practice at SOC.
SOC Services
SOC Resources
About Schneider Downs SOC Services
Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started and learn more about our practice at SOC.
DOES YOUR ORGANIZATION NEED A SYSTEM AND
ORGANIZATION CONTROLS (SOC) REPORT?
Big Problem: Company Impacted By Ransomware.
Big Thinking: Restore System On-site And Avoid Six-figure Ransom.
Big Problem: Inefficient Tax Credit Realization.
Big Thinking: Identified A $900,000 Tax Credit, Nearly Twice As Much As Prior Years.
Receive all the latest insights and industry tips.
Schneider Downs is a Top 60 independent Certified Public Accounting (CPA) firm providing accounting, tax, audit and business advisory services to public and private companies, not-for-profit organizations and global companies. We also offer Internal Audit; Technology Consulting; Software Solutions; Personal Financial Services; Retirement Plan Solutions and Corporate Finance Services. Schneider Downs is the 13th largest accounting firm in the Mid-Atlantic region and serves individuals and companies in Pennsylvania (PA), Ohio (OH), West Virginia (WV), New York (NY), Maryland (MD), and additional states in the United States with offices in Pittsburgh, PA, Columbus, OH, and McLean, VA.
© 2024 Schneider Downs & Co., Inc. Maryland license number 35239.
Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.
"*" indicates required fields