System and Organization Controls

With the persistent threat of identity theft, cybersecurity breaches, and fraud, it’s crucial for business owners to protect company and customer information. As a third-party service provider, your business likely receives requests from clients and prospects for an independent review of your internal controls. We provide these reviews, which are known as system and organization controls (SOC) examinations.

Diverse SOC Clientele

Companies that typically need a SOC report are those that perform outsourced services on behalf of their customers, including financial services/payroll processors, healthcare claim processors, software as a service (SaaS) providers, network administrators, managed security service providers, ISP and web hosting service providers, application service providers, co-location data centers, cloud computing providers, financial services processors, customer support call centers, accounts receivable processors, credit recovery managers, trust departments, transfer agents, financial custodians, and mortgage servicers.

SOC Examination Experience

KraftCPAs has performed SOC examinations for almost three decades and was one of the first firms in the United States to perform a SOC2 examination. The KraftCPAs SOC examination team has extensive system and organization controls experience and credentials.

Benefits of an SOC Examination

A SOC examination provides independent assurance that your company’s internal controls are working properly. It also sends a message to customers that they can rely on your company to accurately and securely process and store their information.

Elements of a SOC Examination

Similar to a financial statement audit, a SOC attestation report can be issued only by a CPA. But because of the sophisticated technology intrinsic to many service organizations, few firms have the high level of technological skill and credentials needed to perform SOC examinations. We assign a team of experienced, management-level CPAs and technology professionals to each SOC engagement to ensure high-quality results.

As part of an exam, we review the company’s policies, procedures, and controls that relate to specific control objectives (SOC 1) or trust services criteria (SOC 2) for the outsourced functions provided for clients or customers. The standards are separated into three different types of reports using two different methods. If you’re not sure which SOC report you need, or if you’re concerned that your controls aren’t adequate, we can assist you.