Many of our clients and prospects get asked for a “SOC report” without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and with a quick conversation, we […]
Tag: AICPA
The Cloud Security Alliance (CSA) and the AICPA
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
What is the PCAOB? Auditing Standards & Inspection Reports
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry.
What is Upstream and Downstream Testing in Auditing?
Clients will often ask why we complexify certain types of audit procedures.
SOC Certifications: Are SOC 1 & SOC 2 Audits Actually Certifications?
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
Using the SOC 2 Report for Health Care Industry Assurance
In a press release dated December 17, 2015, the AICPA announced that it had collaborated with the Health Information Trust Alliance (HITRUST) to develop an illustrative SOC 2 report useful to health care industry service organizations that must demonstrate compliance with HIPAA’s security requirements
Not all SOC Reports are Created Equal
Unfortunately, not all SOC reports or SOC audit firms are created equal. Here are some tips to ensure that your SOC report and the firm performing your SOC examination is up to par. Confirm your firm is licensed – One day we received a call from one of our clients telling us that our fees […]
SOC 3 Reports: When do they make sense?
Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.
Use of SOC Logos and Seals
SOC logos are available for use by service organizations that have undergone a SOC 1 (formerly SSAE 16), SOC 2, or SOC 3 engagement within the prior 12 months.
So Many Terms…What Do They All Mean?
It is easy to feel overwhelmed by all of the terminology surrounding an audit. Here is a list of frequently used terms and their meanings: