This brochure defines “Service Organization Control Reports” and explains the benefits of receiving an SOC report.
Mayer Hoffman McCann P.C. is a national, independent CPA firm that has grown and fluorished to become a national alternative to the Big Four. While we have resources across the country in more than 35 offices, we maintain that our clients deserve peronalized, premier caliber service. Guided by our core values of competence, integrity, respect and value, our professionals and our firm, operate as your trusted advisor.
At MHM we are steadfast in our commitment to you and the public to deliver sound financial reporting and reliable assurance services. You have our commitment to responsive service and compliance with the profession’s highest technical and ethical standards.
For more information, visit http://www.mhm-pc.com
2. MAYER HOFFMAN MCCANN P.C. - SERVICE ORGANIZATION CONTROL REPORTS
Today’s news headlines continue to showcase stories of business fraud and technology
breaches, which have generated a renewed commitment to tighten controls and increase
scrutiny of organizations across the country.
W
ith the increased scrutiny, the need Our dedicated professionals provide service
for ensuring your clients information is organizations detailed examinations of the internal
safeguarded and effectively managed is controls over their policies and procedures
even more essential now than ever before. As more for both operating and technology controls.
companies turn to third parties for their IT processing By evaluating and testing control policies and
needs, management needs to understand how procedures, management can demonstrate
their service organization’s internal controls are that the organizations’ controls are placed in
functioning in order to effectively manage their risk. operation, suitably designed and are operating
effectively. Additionally, this independent process
What is an SOC Report? often results in the identification of opportunities
A Service Organization Control (SOC) Report is an for improvements in many operational areas.
internationally recognized auditing standard developed
by the AICPA to provide a formal report on the design, The Benefits
implementation and operating effectiveness of security
An SOC Report may be requested by a client for their
activities at a service organization. In addition to
audit needs, however the results can benefit both
its benefits to the service and user organizations, it
parties involved. And while it used to be common just
also provides the external auditors an independent
for large companies to have such a review performed,
opinion of the necessary information to understand
more companies are opting to get one in an effort to
the flow of transactions, cocntrols
stay competitive in the marketplace.
that may affect the processing of
transactions and information about
the effectiveness of the controls
tested. Until 2010, this process had
been known as a SAS 70 audit.
3. The key benefits of an SOC Report include: a proven track record of satisfied clients. We
use a risk-driven methodology in our approach,
• providing an independent assessment of the aligning audit efforts with the areas of greatest
service organization’s control structure concern within your business. And, you’ll
• assisting a client’s auditor in planning find that we offer our high quality services
the audit of their financial statements, at fees that are very competitive with those
reducing the possibility of incurring of the Big Four and other national firms.
additional cost in order to send their
auditors to perform required procedures Moreover, the skill of our dedicated team
• providing a competitive advantage over and our involvement with attending regular
other companies in the industry that training to keep abreast of changing legislation,
haven’t received an SOC Report speaking on recent developements in the
• building trust and confidence of a client and industry and providing thought leadership and
using the report to reinforce customer contracts guidance has positioned MHM as a leader
• assisting with Sarbanes-Oxley in the SOC (formerly SAS 70) arena.
certification for a service organization
• increasing audit efficiencies in financial Is Your Organization Ready?
statement audits for a service organization
• identifying additional opportunities for Now is as good a time as any to go through with
improvements in many operational getting an SOC Report. Whether you’re being
areas of a service organization asked for one by your clients or their auditors,
or you’re ready to give your organization a
competitive advantage, our professionals
Types of SOC Reports are ready to speak with you. We can also
The AICPA has established three SOC reporting perform a readiness assessment to identify
options with the goal of better addressing the areas for improvement to ensure that your
needs of the marketplace. There are two types of company is well positioned to undertake an
SOC 1 reports which exclusively focus on controls SOC Report evaluation when the time is right.
at a service organization, likely to be relevant to
an audit of a user entity’s financial statements.
SOC 2 and SOC 3 reports focus on controls at
the service organization that relate to operations
and compliance. These three reports represent
significant changes in service organization
reporting approaches. Your audit provider can
help you determine which one is right for you.
Our Experience
Mayer Hoffman McCann P.C. (MHM) has a
dedicated team of professionals who provide SOC
Report services. In today’s regulatory environment,
the ability to perform this assessment effectively
and remediate control deficiencies before they
cause problems, as well as provide business-
friendly solutions, are all at a premium.
Our professionals have years of experience and