Case Study Seven: Service Organization Control (SOC) Reports – SOC 1 and SOC 2 Audits

Details

Service Organization Control (SOC) Reports – SOC 1 and SOC 2 Audits, and an example client’s situation.

As an example, a large customer of an IT service organization providing outsourced managed services required a SOC 2 audit. Our client was a Managed Service Provider (MSP) that combines innovative technologies with years of in-depth experience to optimize the availability and performance of various large and complex applications across a diverse customer base through a unique range of proven services. A SOC 2 audit was important to our client’s customers and operations. We successfully performed the first SOC 2 audit for this client; and annual audits each year until this business was successfully marketed and sold to a nationwide MSP.

We were engaged every year since 2012 to perform SOC audits in accordance with auditing standards established by the American Institute of Certified Public Accountants (AICPA).

We successfully planned and performed SOC 1 and SOC 2 audits for various service organizations since 2012, allowing them to meet AICPA SOC 1 & SOC 2 requirements often imposed by customers and regulators. We have guided service organizations through their first SOC audits, assisting with operational and governance improvements to standardize best practices for efficient monitoring of risks and controls. Clients have successfully implemented ongoing monitoring for annual Type 2 SOC engagements.

Accounting and Business Consultants, LLC’s system of quality control for its accounting and auditing practice is subject to external peer review triennially. Under the AICPA’s Peer Review Standards, firms may receive a rating of pass, pass with deficiency(ies), or fail. We have received a peer review rating of pass every three since first performing SOC engagements in 2012.