系统 & Organization Control (SOC) 审计s

的创建 系统 and Organization Control (SOC) audits provide three report options developed for service organizations to respond to demands for uniform reporting and review—expanding service organizations’ ability to report on financial controls, 非财务控制和, SOC 3, become certified trusted system service organizations.

注册会计师执行 SSAE 18证词 to provide assurance to the service organization’s customers and their auditors that the organization has certain, adequate and effective controls in place.

  • I型审计 consider the controls’ design effectiveness at a certain point in time
  • II型审计 examine the controls’ design and operating effectiveness over a specific period, 通常是6到12个月.

SOC 1, SOC 2 and SOC 3 engagements address today’s environment that:

  • Requires greater international consistency
  • Addresses newer technologies such as cloud computing, mobile, and virtualization
  • Demands more widely recognized and understood reporting options

We provide SOC audits to clients across the country and maintain appropriate licensure in the states in which we provide attest work. 作为一个结果, we have in-depth industry knowledge to help service providers in a variety of industries, including healthcare and claims processing, 金融服务, 云服务提供商, and commercial collation and hosting providers.

SOC 1

Requirements of a SOC 1 include management to provide written descriptions of its systems and assert that the descriptions of their systems are fairly presented, control objectives suitably designed and operate effectively, and identify the criteria they used to make those assertions.

SOC 1 audits examine service organizations’ controls related to financial reporting, while SOC 2 and SOC 3 reviews security, 可用性, 处理完整性, 保密, and privacy reporting controls that align to the AICPA Trust 服务 Criteria (TSC).

There is a key difference between SOC 2和SOC 3报告. That difference is that a SOC 2 report contains a detailed description of the service auditor’s tests of controls and results of those tests as well as the service auditor’s opinion on the description of the service organization’s system and a SOC 3 report can be distributed freely while a SOC 2 is meant for a service organization’s customers.

SOC审核执行小组

链接到保罗 SOC审计

保罗 Demastus

Shareholder, 审计 and 咨询

手机图标 电子邮件图标 纳什维尔
手机图标 电子邮件图标 纳什维尔
链接到雅各 SOC审计

雅各 Schuetze

Senior Manager, 审计 and 咨询

手机图标 电子邮件图标 纳什维尔
手机图标 电子邮件图标 纳什维尔