Service Organization Control (SOC) Services
The AICPA created a Service Organization Control (SOC) reporting framework that enables CPAs to offer service organizations the kind of assurance that their customers and business partners are demanding. At Boeckermann Grafstrom & Mayer, we perform SOC engagements based on industry-recognized audit standards and frameworks.
A SOC report is often requested by organizations that receive significant services from a service organization and the user entities’ auditors.
Examples of services organizations include:
- Application service providers
- Claims processing centers
- Fulfillment centers
- Data centers
- Payroll and billing service providers
- Real estate title and closing companies
Different Service Organization Control services BGM provides:
SOC 1 – Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting – This report is specifically designed to meet the needs of the entities that use service organizations (user entities) and the CPAs who audit these entities’ financial statements (user auditors). The purpose is to evaluate the effect of the controls at the service organization on user entities’ financial statements. The use of these reports is restricted to the management of the service organization, user entities, and user auditors.
SOC 2 – Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and/or Privacy Principles – This report is designed for a broad range of users that need information and assurance about the controls at a service organization. As it relates to security, availability, processing confidentiality or privacy. The use of this report is generally restricted to parties who have knowledge of a service organization’s services and IT environment.
SOC 3 – This report is designed to meet the needs of users who desire assurance about the controls at a service organization that cover the same five principles as the SOC 2, but do not have the need for, the details contained in a SOC 2 Report. Because they are general-use reports, SOC 3 reports can be freely distributed or posted on a website.
SSAE 18 Readiness Consulting – Many clients are unsure about the necessary steps that must be in place before effectively beginning the examination process for SOC engagements. With BGM’s Readiness Consulting Service, we can help make your SOC flow smoothly and efficiently. Even before the examination begins, we will assist your company through the process of preparation.
BGM offers a complimentary initial consultation. Contact Brian Stueve, SOC Practice Leader at 651-287-6307 or firstname.lastname@example.org to schedule a mutually convenient meeting. You can also download the Service Organization Control (SOC) Fact Sheet.