Kevin has over ten years of experience in internal controls, audit, and advisory work. Kevin started his career in public accounting at Deloitte focusing on internal controls, SOC audits, and IT assurance work. After Deloitte, Kevin filled a leadership role in the SOX Compliance group at a financial services company. Kevin is a CPA and holds a Bachelor of Science degree in Accounting from Brigham Young University and a Master of Business Administration degree from Ohio University.
If you have recently completed a Type I SOC report, congratulations! It is no small task to prepare and complete a SOC examination. However, for most companies, a Type I SOC report is just a step in the process of eventually completing a Type II SOC report, as that is what most user entities expect […]
When preparing for a SOC 1 or SOC 2 examination, service organizations, particularly those who elect to report their subservice organizations using the carve-out method, often conclude that anything related to their subservice organizations is out of scope for their own SOC report. However, that is not the case. This blog will discuss the requirements […]
I once attended a training where the class was broken out into small groups, and each group was tasked with assembling an elaborate box of blocks and accessories in a precise order to create a motorcycle. However, for this exercise, the instructions were removed from the box and the moderator did not provide any guidance […]
Data has become a valuable resource for organizations across the world, and large amounts of data are being collected every day. At the same time, there has been an increase in or emphasis on the laws and regulations aimed at providing safeguards for data collected. A tool that can be used to help manage data […]
Upon scanning through the Common Criteria for a SOC 2, it doesn’t take long to come across criteria related to governance and the overall control environment. In particular, Common Criteria 1.2 (CC1.2)/COSO Principle 2 specifically addresses the role and expectations of the board of directors to provide oversight of internal controls. For small businesses or […]
When contemplating or preparing for a SOC 2 examination, the initial effort is generally focused on implementing information technology (IT) controls and processes over infrastructure and software, which are core to the system being addressed by the SOC 2 examination. While this is a significant portion of the SOC 2, many organizations are surprised to […]
