With identity theft and fraud on the rise, companies must pay closer attention to the security of customer and company information. As a result, third-party outsourcing providers are receiving requests from their clients and prospects for an independent review of their internal controls. These reviews fall under attestation standards (SSAE 16 and AT-101) and are known as Service Organization Control (SOC) engagements.
Who Needs a SOC?
Companies that typically need a SOC report include organizations that perform outsourced services on behalf of their customers. Examples are payroll processors, healthcare claims processors, Software as a Service (SaaS) providers, network administrators, managed security service providers, co-location data centers, cloud-computing providers, financial services processors, customer support call centers, accounts receivable processors, credit recovery managers, trust departments, transfer agents, custodians, mortgage servicers, ISP and web-hosting service providers, ASPs and many more.
Having an independent party perform a SOC review will provide independent assurance of a company’s internal control environment. It also sends a message to customers and prospects that they can rely on a company to handle information accurately and securely.
In addition, a SOC report will help create customer confidence in a business, and a SOC 3 report can be used to market the company and attract sophisticated customers who are concerned with these important issues.
The KraftCPAs Solution
Because of the sophisticated technology intrinsic to many service organizations, few CPA firms have the high level of technology skills and credentials needed to perform SOC engagements.
At KraftCPAs, we assign a team of experienced professionals to each SOC engagement. Our team has extensive service organization control review experience and professional credentials including:
- Certified Public Accountants (CPA)
- Certified Information Technology Professional (CITP)
- Certified Internal Auditors (CIA)
- Certified Information Systems Auditors (CISA)
- Certified in Risk and Information Systems Controls (CRISC)
- Certified in Risk Management Assurance (CRMA)
- Certified Quality Auditor (CQA)
- Master of Business Administration (MBA)
- AICPA National SOC Peer Reviewers
In addition, we offer competitive pricing compared to other firms that offer this highly specialized service. Because of our extensive experience and proprietary protocols, Kraft offers a distinct advantage.