Helping assess and report on the design and operating effectiveness of internal controls.
FORVIS’ dedicated National SOC and HITRUST Team provides SOC Readiness Assessments and SOC 1 Type 1, SOC 1 Type 2, SOC 2 Type 1, SOC 2 Type 2, and SOC 3 examinations to help organizations assess and report on the design and operating effectiveness of their internal controls. We can also assist with SOC for Cybersecurity, a voluntary reporting framework that can help communicate relevant information about a company’s risk management program and its effectiveness, as well as SOC for Supply Chain, which, similar to SOC for Cybersecurity, is a market-driven, voluntary reporting framework to communicate information related to the organization’s supply chain risk management efforts, which assesses the effectiveness of system controls to mitigate those risks.
Performing a SOC examination of a third-party service provider includes the following benefits:
- Delivers service providers' users with information on the internal control environment, including the operating effectiveness of controls affecting the users’ internal controls over financial reporting;
- Addresses a service provider’s users’ need to understand the internal controls at the service provider related to security, availability, processing integrity, confidentiality, and/or privacy;
- Aids the service providers’ users’ financial statement auditors to determine reliance on controls in place at the service provider;
- Eliminates the need for multiple customers to perform on-site audits;
- Satisfies a requirement by many companies that an audit of internal controls be in place at their service provider;
- Indicates to potential customers a service provider’s commitment to internal controls and transaction processing integrity;
- Identifies improvement opportunities in operational areas at the service provider; and
- Provides an additional marketing opportunity and competitive advantage over other service providers.