image003.png
image004 (1).jpg
image003.png

Intro


System and Organization Controls (SOC)

 

 

SCROLL DOWN

Intro


System and Organization Controls (SOC)

 

 

Provide services?

Does your organization provide business tasks or functions- including those that may be integral to your client's operations?
 

Hancock Askew's IT Assurance and Advisory group is composed of skilled individuals specifically dedicated to providing SOC attestation services. 

  • Timely report issuance
  • Experienced teams
  • Proactive collaboration

AICPA SOC

SOC for Service Organizations

Internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.

SOC engagements have become the industry standard for examining, assessing, and reporting on controls.

HAC takes this standard very seriously and aims to continually position itself as the premier provider of quality SOC reports for service organizations who aim to deliver assurance about system controls to its users and their discerning auditors.


SOC 1® Reports

SOC 1® is a restricted use report on a service organization’s description of its internal controls over financial reporting. The report includes a detailed description of the service organization’s system, the service auditor’s opinion on the fairness of the description, suitability of design, depending on the type of SOC 1® report, the operating effectiveness of controls for the reporting period.

SSAE 16 is a common reference for this report, however it was replaced with SSAE 18 effective as of May 1, 2017.

 

SOC 2® Reports

Are designed to provide management of a service organization, user entities, and other specified parties with information and a CPA’s opinion about controls at the service organization relevant to the security, availability, or processing integrity of a service organization’s system or the confidentiality or privacy of the information processed by that system.

The report includes a detailed description of the service organization’s system, the service auditor’s opinion on the fairness of the description, suitability of design of the controls to meet the applicable trust services criteria, and in a type 2 report, the operating effectiveness of controls for the reporting period.

 

A reporting framework through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program and CPAs can report on such information to meet the cybersecurity information needs of a broad range of stakeholders.

SOC for cybersecurity

image004 (1).jpg

Services


How can we help?

Services


How can we help?

 

Hancock Askew has provided clients with solutions by assisting them in examining, assessing and reporting on system controls.