SOC Engagements

System and Organization Controls (SOC) Engagements

Develop a strong internal control scorecard

With identity theft, cybersecurity breaches and fraud on the rise, companies must pay closer attention to the security of customer and company information. As a result, third-party outsourcing providers are receiving requests from their clients and prospects for an independent review of their internal controls. These reviews fall under attestation standards (SSAE 18 and AT-C 205) and are known as System and Organization Controls (SOC) (formerly Service Organization Control) engagements.

Who Needs a SOC?

Companies that typically need a SOC report include organizations that perform outsourced services on behalf of their customers. Examples are payroll processors, healthcare claims processors, Software as a Service (SaaS) providers, network administrators, managed security service providers, co-location data centers, cloud-computing providers, financial services processors, customer support call centers, accounts receivable processors, credit recovery managers, trust departments, transfer agents, custodians, mortgage servicers, ISP and web-hosting service providers, ASPs and many more.


Having an independent party perform a SOC examination will provide independent assurance of a company’s internal control environment. It also sends a message to customers and prospects that they can rely on a company to handle information accurately and securely.

In addition, a SOC report will help create customer confidence in a business, and a SOC 3 report can be used to market the company and attract sophisticated customers who are concerned with these important issues.

The KraftCPAs Solution

Because of the sophisticated technology intrinsic to many service organizations, few CPA firms have the high level of technology skills and credentials needed to perform SOC engagements.

We assign a team of experienced professionals to each SOC engagement. KraftCPAs SOC Engagement Team has extensive system and organization controls experience and professional credentials including:

  • Certified Public Accountants (CPA)
  • Certified Information Technology Professional (CITP)
  • Certified Internal Auditors (CIA)
  • Certified Information Systems Auditors (CISA)
  • Certified in Risk and Information Systems Controls (CRISC)
  • Certified in Risk Management Assurance (CRMA)
  • Certified Quality Auditor (CQA)
  • Master of Business Administration (MBA)
  • AICPA National SOC Peer Reviewers

In addition, we offer competitive pricing compared to other firms that offer this highly specialized service. Because of our extensive experience and proprietary protocols, Kraft offers a distinct advantage.

Search Site

Search Team

Search Articles