One of your clients or customers (or a potential client or customer) has requested that you obtain a SOC certification to keep or obtain their business. Now what? You may or may not have any idea what they are requesting, so here is some information to get you off on the right foot.
These four steps will help you start the process.
1. Research. Conduct some preliminary research to develop a better understanding of SOC reports and examinations. The American Institute of Certified Public Accountants (AICPA) website is an excellent source of SOC information. Numerous other sites, both those of public accounting firms and those of other organizations, also provide detailed information. While you can find a wealth of information online, firms specializing in SOC examinations should have personnel more than willing and able to explain SOC reports in understandable terms.
2. Firm Search. Identify a reputable public accounting firm to conduct the SOC examination. Again, the internet is a wonderful resource. Unless you are set on paying higher-than-necessary fees or just want to use a bigger firm, look for firms that specialize in SOC examinations and feature these services on their site. If the site does not provide a lot of information, the firm may not be very experienced. Another great way to identify a firm is to reach out to your peers. Other companies in your industry that are not in direct competition with you can often provide a good recommendation if they have already gone through a SOC examination.
3. Firm Selection. Select two to three firms and reach out to one of their primary SOC practitioners. They should be able to ask probing questions and quickly ascertain your SOC needs so they can provide a proposal that outlines their SOC examination process and fees. If the firm can clearly articulate the SOC process, put you at ease regarding the steps required to complete it, and provide some insight into pricing, then you have probably found your SOC examiner.
4. Information Gathering. All reputable firms are required to follow examination guidelines established by the AICPA. The firms you talk to should be public accounting firms or firms employing CPAs specifically trained and experienced in conducting SOC examinations. Most firms will provide this information in initial discussions and in team biographies within their proposal. You will also want to request the results of the firm’s latest peer review audit, which is required every three years and helps to ensure that firms providing SOC examination services are conducting these examinations in accordance with AICPA standards.
A SOC examination is an important tool to provide your clients or customers with assurance that you have adequate internal controls for securing data and transaction processes and for maintaining a high level of system availability. These steps should help you find the right firm to get the process started.
If you have questions or still feel overwhelmed, contact the experts at GrayCPA. We can guide you through the process from beginning to end. Our unique approach will help maximize your results, provide more confidence to your clients, and illustrate the competency of your organization.