*
*
*

PKF Mueller

Enhancing the lifetime success of our clients

Service Organization Controls

SOC Reports

System and Organization Controls

The guidance issued by the AICPA effective in June, 2011, along with the growing trend for companies to outsource business functions has resulted in greater demand for auditor examinations and reporting on System and Organization Controls (“SOC”).  Mueller’s SOC team includes a group of professionals with over 30 years of combined experience. Our team combines financial statement audit, IT audit, and internal controls knowledge delivering high quality SOC reports to service organizations with extensive experience in many industries.

SOC Suite of Services

SOC 1® - SOC for Service Organizations: ICFR

Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR)

These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.

There are two types of reports for these engagements:

  • Type 2 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
  • Type 1 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Use of these reports is restricted to the management of the service organization, user entities, and user auditors.

SOC 2® - SOC for Service Organizations: Trust Services Criteria

  • SOC for Service Organizations: SOC 2® HiTrust
  • SOC for Service Organizations: SOC 2® CSA STAR Attestation

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

SOC 3® - SOC for Service Organizations: Trust Services Criteria for General Use Report

These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.

SOC for Cybersecurity

A reporting framework through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program and CPAs can report on such information to meet the cybersecurity information needs of a broad range of stakeholders.

We see that Service Organization Controls examinations are typically relevant to companies that provide outsourced services such as:

  • Payroll Processing
  • Claim Processing
  • Collections Processing
  • Medical Billing
  • Employee Benefit Plan Administrators
  • AR/AP Processing
  • Data Centers
  • Application Hosting Firms
  • Co-location Center Firms
  • Professional-Law & Accounting Firms

 


Get In Touch

Fill in the form below to contact us now

* *
*