SOC (Service Organization Control) Engagements (Formerly SAS 70)

SOC Web_2cSOC (Service Organization Control) Engagements (Formerly SAS 70)

HLB Gross Collins, P.C. has the knowledge, industry expertise and resources needed to help you with your SOC engagement.  We are able to provide a quality review in an efficient and cost-effective measure based on:

  • Our knowledge of what operational areas require review.
  • Our ability to evaluate the appropriate control objectives and identify any design deficiencies or control weaknesses.
  • Our thorough understanding and compliance with AICPA regulations governing these types of reports.


What are SOC engagements?

Many service organizations and other entities are familiar with SAS 70.  Innovations in technology and the increasing use of outsourcing have led to these reports being used in ways that were never intended. Specifically, SAS 70 engagements were not designed to examine compliance and operational issues, such as security, availability, processing integrity, confidentiality or privacy.  However, the American Institute of CPAs has released a new series of reporting options, called Service Organization Control Reports, that enables CPAs to provide assurance on internal controls over subject matter other than financial reporting while filling the marketplace’s need to demonstrate reliability and mitigation of risk. They are called SOC 1, SOC 2 and SOC 3 reports.

Why is a SOC engagement needed?

A SOC engagement  is valuable in that it is a statement indicating that the service organization has had its control objectives and activities evaluated by an independent firm such as HLB Gross Collins, P.C.  The report provides significant value both to the service organization and to those who utilize their services. It is a statement that establishes effectiveness and integrity with the organization’s quality control measures and goes toward building trust among the organization and their clients.  Because the activity of these service providers entails financial or other sensitive information relevant to their customers, it is imperative that they demonstrate sufficient controls and safeguards where the housing of this information is concerned.

SOC engagements are gaining prominence as entities continue to outsource core business processes to third party service providers and as regulations increase their focus on internal controls.  SOC engagements enable auditors to report on internal controls of a service organization.  The engagements cover subject matters related to financial reporting as well as non-financial reporting.  Depending on the needs of the user entity, three different types of SOC reports can be provided:  

 

For additional information or if you have questions about your firm’s SOC needs, please contact our Director of Consulting Services, Jeff Plank.