Audit Services

Why is SOC important?

Because businesses rely on service providers to protect and safeguard private, confidential or other sensitive information that they choose to share with these service providers .This  necessitates some level of assurance that the service provider is maintaining a sound control environment.  AICPA’s SOC framework, allows service providers to demonstrate their compliance with established, standard guidelines regarding Information Security, Processing Integrity, Confidentiality, Availability and Privacy.

It is important to note that not every SOC report is the same and we will work with you to customize a report and approach that is sufficient and appropriate to meet your precise and unique needs.

Wondering which report is right for your organization? A quick overview of the each type is as follows:

SOC 1

An audit of internal controls over financial reporting. Think of it like this: if the service you perform provides a number that affects the financial status of your customer, this might apply to you.

 

Learn more

 

SOC 2

An audit over one, to all five, of the Trust Services Principles (TSP’s). What are the TSP’s? Security, Availability, Processing Integrity, Confidentiality, and Privacy. (This audit is typically very IT focused.)

 

Learn more

 

SOC 3

Similar to a SOC 2 audit, this covers IT controls related to Security, Availability, Processing Integrity, Confidentiality, and Privacy, but has less detail presented about internal processes and results of the auditors testing and is most generally used for marketing purposes.

 

Learn more

 

SOC for Cybersecurity

As digital security breaches continue to pop up around the world, this new SOC report focuses on highlighting an organization’s efforts to prevent, monitor and effectively handle any cyber security threats.

 

Learn more

 

SOC Consulting & Readiness

Before having a SOC audit performed, it may be appropriate for an organization to learn more about itself and the controls it currently has in place, while also preparing it for the actual execution of a SOC report.

 

Learn more

Who do we serve in the SOC arena?

Our clients include businesses that process, manage, store, and connect to private, confidential and sensitive information of others – and require a strong, multi-faceted CPA firm to provide assurance to their customers and others, via the SOC framework that they are complying with the standard guidelines above.

Holbrook & Manter services that satisfy our clients’ SOC-related needs:

  • Readiness – Hands-on, experienced guidance in getting started in the SOC process, including readying policies, procedures and internal controls to be prepared for a SOC report experience.
  • Education – about the SOC process, and helping management determine the proper “fit” of SOC frameworks to the specific client needs – so as to NOT over-report.
  • Gap analysis – Determining controls that should exist in a given syste in order to comply with SOC guidelines.
  • Design and Documentation of relevant I.T. Controls – Our experienced I.T. controls professionals work with management to design and document relevant I.T. controls in advance of a SOC report.
  • Assurance and reporting – Experienced SOC auditors conduct SOC audits (SOC1, SOC2, SOC3).

Why choose Holbrook & Manter for SOC and IT Audit Advisory?

  • Multiple perspectives – We look at IT Compliance and SOC as both a trusted business adviser and an independent, seasoned auditor. Our certifications and business experience include CIO, CTO, CFO, CGMA, CISA, CPA, CITP and others.
  • Experience – Combined dozens of years of successful client audits and projects.
  • Efficient, consultative approach – We effectively streamline and tailor SOC engagements to fit known objectives and resources.