While we tailor every audit to meet each client’s unique requirements and challenges, our roadmap to compliance typically follows a four-phased approach that creates the general framework of each audit. Our goal is to create an efficient, unobtrusive audit so that you can focus on your business, and we can focus on your compliance. Our team of audit professionals serves our clients by combining knowledge of industry standards and regulatory requirements with proven methodologies and tools to produce cost-effective, value-added results. And what really sets us apart from our competitors is our highly personalized, client-centric level of service. We view ourselves as your business partner and treat our engagements as an opportunity to continuously improve your business processes, rather than a mere exercise in compliance.
(Phase 1): Each SOC 1 audit has a unique set of requirements. Every company’s scoping requirements vary depending on the type of services they perform for their customers. Our professionals have experience working in nearly every industry, and we work closely with our clients to ensure that their audit is scoped correctly and all regulatory and compliance requirements are met. During the scoping phase, we will evaluate management’s current report and objectives to ensure that they meet the requirements of SOC 1. This is completed by performing a detailed review of each section of their current report and then corroborating with management to ensure the scope and report content are current with SOC 1 standards. Any deficiencies are quickly identified and reported to management with recommendations for updating their current SOC 1 report.
(Phase 2): A Readiness Assessment is designed to assess a company’s preparedness for a SOC 1 audit. By conducting a thorough gap analysis, our advisors will assess the current control environment by identifying strengths and providing recommendations for areas that need improvement, as well as review your current policies and procedures to ensure they cover the areas needed. As part of our detailed recommendations, we will provide a prioritized listing of controls that should be considered for implementation or enhancement prior to the audit (Roadmap to SOC 1 Compliance). A Readiness Assessment typically requires two weeks of combined on-site and remote fieldwork and is a valuable and effective assessment that will give you a good idea of where you currently are, and where you need to be.
From the outcome of our Readiness Assessment, we will issue a detailed listing of gaps with supporting recommendations. Management will have the time needed to respond to and/or implement required remediation steps. Post-remediation supporting documentation can be submitted to our client portal for auditor validation to be performed remotely, without need for additional time on-site. Our goal is to provide sufficient preparation time, guidance and remediation appropriate for the client. Upon completion of the remediation efforts and auditor validation, we start the clock for your period of review. Management also has the option for us to issue a SOC 1 Type 1 report at this time.
(Phase 3): After you have successfully implemented control activities to achieve your SOC 1 control framework, maintaining compliance to achieve a SOC 1 Type 2 report is the next objective for most organizations. The control activities implemented during your initial assessment must be followed over a period of time (typically not less than six months). We assist you by implementing periodic checks during this time to validate control activities are still operating effectively; however, there is no remediation phase at this point. The following outlines the processes that occur immediately after your readiness assessment:
Control Activity Calendar
Interim Audit Requests
Testing of Controls
Type 2 Report
(Phase 4): Upon completion of your SOC 1 Type 2 audit report, planning next year’s audit begins. This includes issuing audit recommendations, providing guidance and agreeing to terms for future engagements.