understanding service organization control reports
DESCRIPTION
This brochure defines “Service Organization Control Reports” and explains the benefits of receiving an SOC report. Mayer Hoffman McCann P.C. is a national, independent CPA firm that has grown and fluorished to become a national alternative to the Big Four. While we have resources across the country in more than 35 offices, we maintain that our clients deserve peronalized, premier caliber service. Guided by our core values of competence, integrity, respect and value, our professionals and our firm, operate as your trusted advisor. At MHM we are steadfast in our commitment to you and the public to deliver sound financial reporting and reliable assurance services. You have our commitment to responsive service and compliance with the profession’s highest technical and ethical standards. For more information, visit http://www.mhm-pc.comTRANSCRIPT
SERVICE ORGANIZATION CONTROL REPORTS
MayerHoffmanMcCann P.C.An Independent CPA Firm
MAYER HOFFMAN MCCANN P.C. - SERVICE ORGANIZATION CONTROL REPORTS
With the increased scrutiny, the need for ensuring your clients information is safeguarded and effectively managed is
even more essential now than ever before. As more companies turn to third parties for their IT processing needs, management needs to understand how their service organization’s internal controls are functioning in order to effectively manage their risk.
What is an SOC Report?A Service Organization Control (SOC) Report is an internationally recognized auditing standard developed by the AICPA to provide a formal report on the design, implementation and operating effectiveness of security activities at a service organization. In addition to its benefits to the service and user organizations, it also provides the external auditors an independent opinion of the necessary information to understand the flow of transactions, cocntrols that may affect the processing of transactions and information about the effectiveness of the controls tested. Until 2010, this process had been known as a SAS 70 audit.
Today’s news headlines continue to showcase stories of business fraud and technology breaches, which have generated a renewed commitment to tighten controls and increase scrutiny of organizations across the country.
Our dedicated professionals provide service organizations detailed examinations of the internal controls over their policies and procedures for both operating and technology controls. By evaluating and testing control policies and procedures, management can demonstrate that the organizations’ controls are placed in operation, suitably designed and are operating effectively. Additionally, this independent process often results in the identification of opportunities for improvements in many operational areas.
The BenefitsAn SOC Report may be requested by a client for their audit needs, however the results can benefit both parties involved. And while it used to be common just for large companies to have such a review performed, more companies are opting to get one in an effort to
stay competitive in the marketplace.
The key benefits of an SOC Report include:
• providing an independent assessment of the service organization’s control structure
• assisting a client’s auditor in planning the audit of their financial statements, reducing the possibility of incurring additional cost in order to send their auditors to perform required procedures
• providing a competitive advantage over other companies in the industry that haven’t received an SOC Report
• building trust and confidence of a client and using the report to reinforce customer contracts
• assisting with Sarbanes-Oxley certification for a service organization
• increasing audit efficiencies in financial statement audits for a service organization
• identifying additional opportunities for improvements in many operational areas of a service organization
Types of SOC ReportsThe AICPA has established three SOC reporting options with the goal of better addressing the needs of the marketplace. There are two types of SOC 1 reports which exclusively focus on controls at a service organization, likely to be relevant to an audit of a user entity’s financial statements. SOC 2 and SOC 3 reports focus on controls at the service organization that relate to operations and compliance. These three reports represent significant changes in service organization reporting approaches. Your audit provider can help you determine which one is right for you.
Our ExperienceMayer Hoffman McCann P.C. (MHM) has a dedicated team of professionals who provide SOC Report services. In today’s regulatory environment, the ability to perform this assessment effectively and remediate control deficiencies before they cause problems, as well as provide business-friendly solutions, are all at a premium.Our professionals have years of experience and
a proven track record of satisfied clients. We use a risk-driven methodology in our approach, aligning audit efforts with the areas of greatest concern within your business. And, you’ll find that we offer our high quality services at fees that are very competitive with those of the Big Four and other national firms. Moreover, the skill of our dedicated team and our involvement with attending regular training to keep abreast of changing legislation, speaking on recent developements in the industry and providing thought leadership and guidance has positioned MHM as a leader in the SOC (formerly SAS 70) arena.
Is Your Organization Ready?Now is as good a time as any to go through with getting an SOC Report. Whether you’re being asked for one by your clients or their auditors, or you’re ready to give your organization a competitive advantage, our professionals are ready to speak with you. We can also perform a readiness assessment to identify areas for improvement to ensure that your company is well positioned to undertake an SOC Report evaluation when the time is right.
© C
opyr
ight
201
01 M
ayer
Hof
fman
McC
ann
P.C
. All
right
s re
serv
ed •
About MHMMayer Hoffman McCann P.C. is a national, independent CPA firm that has grown and fluorished to become a national alternative to the Big Four. While we have resources across the country in more than 35 offices, we maintain that our clients deserve peronalized, premier caliber service. Guided by our core values of competence, integrity, respect and value, our professionals and our firm, operate as your trusted advisor. At MHM we are steadfast in our commitment to you and the public to deliver sound financial reporting and reliable assurance services. You have our commitment to responsive service and compliance with the profession’s highest technical and ethical standards.
Mayer Hoffman McCann P.C. provides a comprehensive range of audit and attest services including:
• FINANCIAL STATEMENT AUDITS OF PUBLIC AND PRIVATE COMPANIES AND NONPROFIT ORGANIZATIONS
• YELLOW BOOK AUDITS• SOC REPORTS OF SERVICE ORGANIZATIONS• EMPLOYEE BENEFIT PLAN
AUDITS• SEC ADVISORY SERVICES• LITIGATION SUPPORT• REVIEWS• COMPILATIONS• OTHER ATTEST SERVICES
MayerHoffmanMcCann P.C.An Independent CPA Firm
www.mhm-pc.com
our roots run deep™