System and Organization Controls Audit Services

SOC 1 and SOC 2 Audits

When you are a service provider, your clients need to know that your processes and security controls meet their standards before they conduct business with you. Demonstrating this is both a competitive advantage for your service organization and an assurance to your clients.

And as a company, you should know the strengths and weaknesses of your service providers to ensure that their systems and processes do not present a risk to your financial reporting or data security.

What is a System and Organization Control (SOC) Audit?

SOC Audit definition

Many service companies have the potential to impact their customers’ financial information and data integrity across their business functions. Auditors of company financials and data security protocols require assurance that the controls and processes of those service providers are in full compliance, so that the integrity of company financials and data is intact.

System and Organization Control Audits, or SOC Audits, are an analysis of, and report on, a service organization’s controls over that financial information and data integrity. These audits provide assurance to auditors that the processes service organizations use will not have a negative impact on financial reporting or data integrity.

Who should have a SOC Audit?

Companies that should have a SOC Audit

Any service organization that houses or services confidential and private financial data should consider performing a SOC audit of its organization.

  • SaaS companies
  • Payment processors
  • Service providers to insurance brokers and banks
  • Data outsourcers

Additionally, those serving high-risk industries, including:

  • Financial services
  • Healthcare
  • Professional services

What types of SOC Audits are required?

SOC Audits are organized into several types, including SOC 1 and SOC 2, under the SOC reporting platform of the AICPA (American Institute of CPAs).

SOC 1 Report

The SOC 1 report focuses on a service organization’s controls relevant to an audit of a customer’s financial statements.

SOC 1 - Type 1 & 2
  • SOC 1 – Type I audits focus on a description of a service organization’s controls related to financial reporting and on whether those controls are relevant and effectively designed to achieve the control objectives at a point in time.
  • SOC 1 – Type II audits contain the same features as a Type I, but add an opinion on the operating effectiveness of the controls in achieving the control objectives relevant to financial information integrity over a period of time.

SOC 2 Report

The SOC 2 audit report focuses on data integrity and a service organization’s controls that affect operations and compliance, as outlined by the AICPA’s Trust Service Criteria in relation to five principles:

  • Security of data
  • Availability of data
  • Processing integrity
  • Confidentiality
  • Privacy

The SOC 2 report is a detailed account of the service auditor’s test of controls in place and the results of said controls related to data integrity. In addition to the Trust Service Criteria, SOC 2 audits can focus on cyber security as well.

SOC 2 - Type 1 & 2

SOC 2 – Type 1 audits test the design of controls related to security principles at a point in time.

SOC 2 – Type 2 audits contain the same features as a Type 1, but add an opinion on the operating effectiveness of the controls in achieving the control objectives of data integrity over a period of time.

What Type of SOC Audit is Right for You?

If you are a SaaS company, payment processor, or a company servicing financial institutions, a SOC audit can provide a powerful advantage to your business.

Show your prospects and clients that you are a safe and reliable option for your services.

Meet the Team

Sonny Brandtner

Consulting Partner, CPA, CFE
sbrandtner@bvccpa.com
281-917-7541

Lauren Atencio

BAS Senior
LAtencio@bvccpa.com
713-667-9147

James Beeler

BAS Senior Manager, CPA
jbeeler@bvccpa.com
713-667-9147

Fast Facts

  • Houston’s largest independent accounting firm, founded in 1973
  • Third-largest independent firm in the Southwest United States
  • Named one of the Best Places to Work by the Houston Business Journal, the Houston Chronicle and, nationally, by Accounting Today magazine
  • Our size allows us to offer sophisticated services for complex issues and deliver them with an agility that entrepreneurial client organizations find refreshing
  • Peer reviewer and 100% clean PCAOB opinions demonstrate the utmost quality of our work
  • Highly active in more than 100 professional and civic organizations
  • Members of HLB International, a top 10 international network with the combined strength of more than 160 independent accounting and business advisory firms in over 500 offices and 80 countries