Choosing the right SOC Report for Auditors, Regulators & Managers

Conducted in accordance with the American Institute of Certified Public Accountants, a Service Organization Controls (SOC) engagement — with an accompanying report and/or seal — provides assurance on the integrity of an external service provider’s internal controls.

DeJoy, Knauf & Blood is experienced in performing SOC engagements for organizations that operate information systems throughout the United States.

Which SOC Report is Right for You?

At TeamDKB, we first focus on getting to know you, your business and your users. Once we understand your needs and those of your customers, the CPAs and information technology specialists of our SOC Services Team will recommend the SOC report that will deliver the most value in your circumstances. There are three types of SOC reports, which are as follows:

– SOC 1SM verifies controls for purposes of financial reporting and auditing. While the primary users of a SOC 1 are those who audit the user entity’s financial statements, information contained in this report is likely very valuable to the management teams of both the service organization and the user entities.

– SOC 2SM addresses matters of security, availability, processing integrity, confidentiality and privacy. A SOC 2 may be used by management and/or regulators to support oversight, due diligence, and governance, risk management and compliance (GRC) program efforts.

– SOC 3SM is a general use report and can be freely distributed. It addresses similar matters that are addressed in an SOC 2 report but in a condensed version.

For the purposes of boosting the stakeholders’ and customers’ confidence in the service organization’s systems, either SOC 2 or SOC 3 may be appropriate. SOC 2, however, provides detail on the tests performed and the results of those tests.

To learn which SOC report would best advance your organization’s goals and serve the needs of your customers, contact DeJoy, Knauf & Blood’s SOC Services Team today!