Assurance

Building Customer Confidence through Control Reporting

SERVICE ORGANIZATION CONTROL (SOC) REPORTS

ReportingCustomers and stakeholders expect their service providers to protect and accurately process information. SOC reports provide information on the design and operating effectiveness of an organization’s control environment.

The Accounting Standards Board has mandated that, effective June 15, 2011, SOC reports are to be used to report on service organization controls, replacing the widely recognized SAS 70 reports.

Increase Stakeholder Confidence
SOC reports can be used to provide stakeholders with information on the design and effectiveness of service organization controls. A SOC report also provides an independent, third-party verification on the presentation, design and operating effectiveness of internal controls. This information can build customer and stakeholder confidence in the service organization’s control environment.

Optimize Resources By Reducing Audits
Another benefit of SOC reports is a reduction in the number of audits that are performed on the service organization because multiple user organizations can use the same SOC report. This can save the service organization time and money by reducing the need for each user organization to perform its own audit.

REPORT ATTRIBUTES
SOC reports have two key elements.  First, service provider management makes an assertion about their relevant controls. Second, a CPA provides an opinion on the design of the controls (Type I report) and, in cases where management chooses, tests the effectiveness of the controls (Type II report).