In recent years, there has been a greater focus on internal controls by regulators, boards of directors, and others charged with governance, creating an increased demand for attestation reports for controls over financial reporting and other matters.
As a result, the American Institute of CPAs (AICPA) developed a framework for Service Organization Control (SOC) reporting that involves an examination which reports on the controls at a services organization. Service organizations must carefully balance your clients' need for the review while also managing your organization's investment in the examination.
The P&N team has generated a number of SOC reports for clients in a variety of industries. We tailor our SOC services to ensure that service organizations receive the highest level of assurance over the effectiveness of their internal controls, and work with clients to determine which type of SOC report is best suited for your organization's needs. Our SOC services team includes professionals with internal control training and backgrounds. They have completed the AICPA’s SOC School and hold relevant certifications.
The P&N team completes all acceptable types of SSAE 16-related reporting, including:
- SOC 1 Report, Types I and II: SOC 1 reports focus on internal controls related to financial reporting. A SOC 1 report is provided to an organization's auditor.
- SOC 2 Report, Types I and II: SOC 2 reports focus on internal controls related to security, availability, processing integrity, confidentiality, or privacy. They are provided to internal management and other specified
- SOC 3 Report, Types I and II: SOC 3 reports are the same as SOC 2 reports, except they're provided to interested parties and include a CPA's professional opinion on relevant control issues.