SOC Reporting

Get a Quote for your Company's SOC Report

Systems and Organizational Controls (SOC) Reporting Services

Service organizations like yours receive requests from customers for assurance on a number of fronts, including assurance about your systems’ controls over financial reporting (SOC 1 engagements) and also the controls you employ to protect the privacy and confidentiality of users’ data, as well as the security, availability and processing integrity of your systems (SOC 2 and SOC 3 engagements). A SOC report demonstrates to your clients a commitment to internal controls by providing third-party assurance of the reliability of the design, implementation and operating effectiveness of your organization’s controls. Service Organization Control engagements have become the gold standard for examining, assessing and reporting on these controls and providing customers and other stakeholders of a service organization with a high-level compliance attestation. GreerWalker’s team serves a wide range of clients in a variety of industries.

At GreerWalker, we help our clients choose the appropriate attestation report, conduct a readiness assessment and provide recommendations for improving the organization’s control process before beginning a SOC examination to ensure you will be better positioned to attain attestation in an effective and efficient way. A breakdown of the different types of SOC reports is below.

AICPA SOC Report

SOC Readiness Assessment
SOC 1
SOC 2
SOC 3

For service organizations preparing for their first SOC report, a readiness assessment is recommended so that the organization’s first report can be successful. The assessment is designed to determine the full scope of services to be covered by the SOC report and determine any gaps and design deficiencies within the current control environment. At the end of the assessment, the service organization will receive a report that summarizes the organization’s current readiness for the SOC examination and a detailed listing of each control gap or design deficiency with recommendations and requirements for remediation. The report will also help to prioritize remediation efforts and determine a recommended start date for the SOC examination.

Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting

This meets the needs of user entities’ managements and Auditors as they evaluate the effect of a service organization’s controls on a user entity’s financial statement assertions. These reports are important components of user entities’ evaluation of their internal controls over financial reporting for purposes of compliance with laws and regulations and for when user entity auditors plan and perform financial statement audits.

Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality, or Privacy.

For those who need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality or privacy. These reports can play an important role in oversight of the organization, vendor management programs, internal corporate governance and risk management processes, and regulatory oversight. Stakeholders who may use these reports include management or those charged with governance of the user entities and of the service organization, customers, regulators, business partners and suppliers, among others.

Trust Services Principle, Criteria, and Illustrations
Designed to accommodate users who want assurance on a service organization’s controls related to security, availability, processing integrity, confidentiality or privacy but do not have the need for the detailed and comprehensive SOC 2® Report. It can be used in a service organization’s marketing efforts.

Why Choose GreerWalker

Quality: SOC engagements were developed by the CPA profession, which has long been a thought leader in assurance engagements. GreerWalker is a member of the American Institute of Certified Public Accountants Center for Audit Quality. The firm is also registered with the Public Company Accounting Oversight Board (PCAOB) established under the Sarbanes-Oxley Act. As a member of these voluntary groups, we demonstrate our commitment to maintaining high quality assurance standards in performing professional services.
Standards: The AICPA, the membership and standard-setting body of CPAs, creates standards like those for performing SOC engagements designed so that CPAs can easily comprehend and incorporate best business practices into existing procedures on behalf of clients.
Expertise: Audit and attest services, fundamentals of the CPA skill sets, are thoroughly tested in the demanding Uniform CPA Exam.
Deep and timely knowledge: CPAs participate in continuing education to maintain their license, putting them at the forefront of knowledge and understanding of the issues surrounding service organization controls.
Commitment to performance: CPAs follow rigorous performance and reporting standards for these engagements, as well as a Code of Conduct that requires independent, objective and competent performance.
Ongoing monitoring: CPA firms performing SOC engagements must meet exacting peer review standards that ensure the quality of and reliance upon their work. Clients can be assured CPA professionals are monitoring service organization controls appropriately. In the history of our firm, all peer reviews have confirmed that our firm meets the high standards of the public accounting profession in general and elite centers in particular.

Recent News

At GreerWalker, we strive to keep our clients and prospects updated with the latest information. As a member of the RSM Alliance, we have the ability to provide timely, insightful articles and videos. See below for the most recent thought leadership and news: