As the use of third-party service providers has grown exponentially in recent years, so has the demand for System and Organization Controls (SOC) auditor examinations and related reports. PKF Mueller’s SOC team has been performing these examinations since their origination in 2011, which now include SOC 1, SOC 2, SOC 3, and most recently, SOC for Cybersecurity reports. PKF Mueller’s dedicated SOC team includes a group of professionals with over 30 years of combined experience in preparing, reviewing, and relying on hundreds of SOC reports. Our team combines financial statement audit, IT audit, cybersecurity audit and internal controls skills with extensive experience across many industries.
SOC Service Offerings
SOC READINESS ASSESSMENTS: Your big prospect demands a SOC report and you don’t know where to start. PKF Mueller is here to help. With a SOC readiness assessment you get the benefit of our internal control expertise without the pressure and anxiety of an immediate audit. The PKF Mueller SOC team will work closely with your personnel to document existing controls and identify potential gaps and weaknesses. Our SOC readiness assessment services will allow you to establish a roadmap to remediate your internal control gaps before the audit begins, providing you with peace of mind and confidence as you undergo your first SOC audit.
SOC 1: Formerly SAS 70, this is an examination of internal controls over financial reporting that is based on AICPA’s guidance for auditors, SSAE 18. This is intended to be an “auditor to auditor” report.
SOC 2: This is an examination of operational or compliance controls (not solely financial reporting) that is focused on one or more key system attributes of security, availability, processing integrity, confidentiality, and privacy (Trust Services Criteria), depending on what is relevant and important to your customers. This is intended to be a report from company management to customer management (not auditor to auditor).
SOC 3: These examinations are the same as SOC 2 with the exception that the report does not include management’s detailed description of processes and systems, and the company can place a publicly visible SOC seal on its website with a link to the report on the stated key system attributes of security, availability, processing integrity, confidentiality, and privacy.
SOC FOR CYBERSECURITY: Concerns over cybersecurity are on the rise in many organizations and there is a growing need for businesses to demonstrate that they are effectively controlling this threat. In 2017, AICPA developed a new cybersecurity risk management reporting framework that helps organizations communicate about and CPAs report on cybersecurity risk management programs.
PKF Mueller utilizes industry-leading engagement workflow software that provides a centralized communication platform with secure file transfer. This software increases the efficiency, tracking, and effectiveness of communication specific to audit flow and requests, and provides notifications and dashboards showing engagement progress.
PKF Mueller's SOC Service Values:
PKF Mueller’s SOC team is close-knit, specialized, and dedicated. This contributes to many gained efficiencies throughout the different engagements.
PKF Mueller prides itself on providing the same personnel and team structure from start to finish, year after year
Because of the close-knit team, the overall audit approach and methodology is also consistently applied year over year
Collaborative Approach & Continuous Improvement
Client-facing and interaction-focused
Entity Risk-Based Approach to meet defined SOC objectives/criteria
Constant feedback and communication of best practices
Recommendations for improvement throughout the engagements
Flexibility to meet Client needs and schedules
National Presence With Local Touch
Clients across the United States, including California, Texas, Louisiana, and North Carolina, to name a few
Perform SOC audits ranging from managed security service providers and securities trading platforms to payroll and insurance claims processing organizations
Onsite presence available during engagements regardless of location
Fully remote engagements also available
PKF Mueller performs all scheduling related to planning and final fieldwork of the engagements, on average, 6 months ahead of time
At minimum, weekly open-item follow-ups and updates with clients to ensure timely completion and issuance of SOC reports
Interim and final request lists issued, on average, at least 2 months before as-of/period-end dates
Niche established within PKF Mueller when service organization attestation reports first started (SAS 70)
Members of the niche are highly focused on performance of SOC audits
All members of the SOC niche are Certified Public Accountants (CPAs)
Management and above are Certified Information Systems Auditors (CISAs)
Who We Serve
We see that System and Organization Controls examinations are typically relevant to companies that provide outsourced services such as:
Are you spending all of your time completing client security assessments?
Podcast: SOC Report Overview, Choosing Your Auditor & The PKF Mueller Approach
You need a SOC examination.
At PKF Mueller, we understand that finding the right SOC audit partner for your Company can be an intimidating process, but it is also an important decision to ensure a successful SOC examination experience and satisfied new and potential clients.