AICPA Archives | Linford & Company LLP

What is Upstream and Downstream Testing in Auditing?

By Nicole Hemmer (PARTNER | CISSP, CISA) on May 15, 2019May 15, 2019

Clients will often ask why we complexify certain types of audit procedures.

SOC Certifications: Are SOC 1 & SOC 2 Audits Actually Certifications?

By Nicole Hemmer (PARTNER | CISSP, CISA) on March 27, 2019April 1, 2019

There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.

SOC 1 vs. SOC 2 – What is the Difference and How do you Know What you Need?

By Nicole Hemmer (PARTNER | CISSP, CISA) on September 12, 2018October 2, 2018

Many of our clients and prospects get asked for a “SOC report” without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and with a quick conversation, we […]

What is the PCAOB? Auditing Standards & Inspection Reports

By L&Co Staff Auditors on June 21, 2017February 12, 2019

The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry.

Using the SOC 2 Report for Health Care Industry Assurance

By L&Co Staff Auditors on January 8, 2016October 11, 2017

In a press release dated December 17, 2015, the AICPA announced that it had collaborated with the Health Information Trust Alliance (HITRUST) to develop an illustrative SOC 2 report useful to health care industry service organizations that must demonstrate compliance with HIPAA’s security requirements

Not all SOC Reports are Created Equal

By Rob Pierce, Partner | CISSP, CISA on September 16, 2015July 26, 2018

Unfortunately, not all SOC reports or SOC audit firms are created equal. Here are some tips to ensure that your SOC report and the firm performing your SOC examination is up to par. Confirm your firm is licensed – One day we received a call from one of our clients telling us that our fees […]

SOC 3 Reports: When do they make sense?

By Rob Pierce, Partner | CISSP, CISA on June 2, 2015May 10, 2017

Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.

SOC Reporting History and Fundamentals

By L&Co Staff Auditors on March 11, 2015October 11, 2017

The ever-growing emphasis on governance, risk management, and compliance has driven companies to focus on internal controls over all aspects of their operations.

The Cloud Security Alliance (CSA) and the AICPA

By Newel Linford (MANAGING PARTNER | CPA, CISA) on August 20, 2014May 10, 2017

With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.

Use of SOC Logos and Seals

By Newel Linford (MANAGING PARTNER | CPA, CISA) on April 9, 2014August 23, 2018

SOC logos are available for use by service organizations that have undergone a SOC 1 (formerly SSAE 16), SOC 2, or SOC 3 engagement within the prior 12 months.