Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is Gap Letters, sometimes called Bridge Letters.
In the context of performing a System and Organization Control (SOC) audit, questions arise as to what internal controls are and what types of internal controls exist. Auditors often take it for granted that everyone knows and agrees on the definitions of internal controls. We wish it were so. Let’s go over the most […]
This is a good question that people ask all the time. Typically the question is framed as “What does the AICPA do?” AICPA is the acronym for the American Institute of Certified Public Accountants.
Have you ever thought about what you would do if someone obtained access to all the information you stored electronically?
Clients will often ask why we complexify certain types of audit procedures.
Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations.
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
SOC logos are available for use by service organizations that have undergone a SOC 1 (formerly SSAE 16), SOC 2, or SOC 3 engagement within the prior 12 months.
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
A question that often comes up from service organizations and service auditors is this: “Who can management distribute the report to?” The answer lies buried in the AICPA’s audit guides and is different depending on the type of service organization control (SOC) audit report.