As companies (both service organizations and user organizations) look to understand their risks and the controls addressing those risks, reporting and transparency have become increasingly important. Service organizations look to provide comfort to their user organizations by providing them information regarding the internal controls they have in place to reduce risks.
The Brown Smith Wallace experienced team of professionals can assist you with your third party assurance needs, including Service Organization Control (SOC) reporting. Our team members have performed these services as the requirements have grown and changed over the years from SAS No. 44 (Special-Purpose Reports on Internal Accounting Control at Service Organizations) to SAS No. 70 (Service Organizations) to present-day requirements. Our team can help you navigate the process of determining which of the three reports best fit your needs.
SOC 1 – Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting
This report focuses on the controls of the service organization that are relevant to the financial reporting of the user organization. These engagements are performed in accordance with Statement on Standards for Attestation Engagement (SSAE) 18, Reporting on Controls at a Service Organization.
SOC 2 – Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
This report focuses on one or more of the Trust Services Principles and the predefined criteria. These engagements are performed in accordance with AT Section 101, Attest Engagements, of SSAEs.
SOC 3 – Trust Services Report for Service Organizations
These reports use the same principles and criteria as the SOC 2 report. This is a general-use report that provides the auditor’s report on whether the system achieved the trust services criteria (no description of test and results or opinion on the description of the system are provided). These engagements are performed in accordance with AT Section 101, Attest Engagements, of SSAEs.
Agreed Upon Procedures
When a SOC report is not required, but you want a specific group of accounts, procedures or controls evaluated or reviewed, an Agreed Upon Procedures engagement may fit your needs.
Agreed upon procedures can involve reviewing accounts, procedures or controls to evaluate their effectiveness or accuracy. Agreed upon procedures engagements can review compliance of processes you dictated. We add our auditing, accounting and risk services expertise when needed to advise you on a specific course of action.
In many cases, an agreed upon procedures engagement examines service level agreements (SLAs), contract compliance, benefit plan compliance or contracts for services between two parties. These are just examples of the types of accounts, agreements and contracts that can be examined in an agreed upon procedures engagement. Upon completion of the agreed upon procedures engagement, a report is issued for your review, often with suggestions and recommendations.
At Brown Smith Wallace we have the experience your company needs. Because of our advisory services expertise in performing third party assurance projects and reviews in multiple industries and complex technical environments, we are able to draw upon the knowledge and experience necessary to deliver extraordinary results to your organization. To learn more about our SOC and Agreed Upon Procedures services, please contact us today.
Brown Smith Wallace has been instrumental in helping Belden build its internal audit, enterprise risk management, and Sarbanes-Oxley programs. I really appreciate the level of partner involvement and thought leadership and the impact they have had on our company.
Jessica Herr, Director, Financial Planning – former
Brown Smith Wallace provides us with detail-oriented, user friendly service as our outsourced internal audit provider. They’ve been very helpful in enhancing our controls with their internal control and operational recommendations. We have made particularly good use of their sampling resources and they have provided us with very helpful, independent support to our SOX compliance efforts. I am very impressed with the depth of their insurance industry knowledge, and I find them very approachable and easy to work with. They have demonstrated great flexibility in our dynamic environment.
Independence Holding Company
Paul Janerico, Vice President, Internal Audit
I joined what is now Siemens PLM Software in late 2004 after a career in public accounting with a Big Four firm. I started the Internal Audit function, and co-sourced with Brown Smith Wallace for our international and domestic SOX and internal audit work. Initially, I used a Big 4 firm for the IT audit and controls testing for our global SAP environment. After the first year, I moved all the work to Brown Smith Wallace because they demonstrated their expertise and know-how. Our IT management appreciated the service improvement from Brown Smith Wallace’s more experienced and competent IT audit professionals. Although the nature of the projects we do with Brown Smith Wallace has evolved over the past 5 years, we continue to work with them because they combine high quality service with fair rates to deliver value. In short, it’s always quality work with no surprises.
Siemens PLM Software
Tom Beitel, Vice President, Finance, Global Zone Operations