Nicole Hemmer

Clients will often ask why we complexify certain types of audit procedures. [...]

There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification. [...]

In its simplest form, a royalty audit is a financial inspection that determines whether a licensee (user of a patent/license/franchise) is paying the licensor (owner of the patent/license/franchise) the correct amount of royalty fees. [...]

The Trust Services Criteria (TSC) were developed by the AICPA Assurance Services Executive Committee (ASEC). The available TSCs for a SOC 2 audit include: Security (also known as common criteria). This is the only required TSC and is included to demonstrate that systems at a service organization are protected against unauthorized access and other risks [...]

The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that are options to be included in a SOC 2 audit are the following: Security (also known as common criteria). Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could [...]

The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that can be included in a SOC 2 audit are the following: Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy [...]

In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap. [...]

We are frequently asked how long it takes to complete a SOC examination. Unfortunately there is not an answer that fits for every examination because every service organization is different. But, if an organization has controls in place the average time taken for a SOC examination is typically one to three months for Type I [...]

There are five trust services criteria that can be included in a SOC 2 report, including: security, availability, processing integrity, confidentiality, and privacy (see definitions from the AICPA below). Only one of the five criteria is required in the SOC 2 — security. The other four trust services criteria are optional, and we get many [...]

The AICPA has recently developed a cybersecurity risk management reporting framework that is being added to the suite of System and Organization Controls (SOC) report offerings. This framework will assist organizations in communicating relevant and useful information about their cybersecurity risk management program. Companies need to be able to evidence that they can manage cybersecurity [...]