A collaborative process with proven results.
Communication is essential in completing a SOC report and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions, identify key players, and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work (for first-time SOC reporters) and/or fieldwork (for recurring clients). In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to creating open communication designed to obtain maximum efficiencies that will be realized in the Type 2 reporting process.
Once the audit plan is established, we create the request list of support items needed in our secure online dashboard, in preparation of and coordination with you for the testing phase. Between the time of the audit plan establishment and the testing, your team starts compiling your supporting documentation and uploading it to the secure online portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective audit experience.
We send our itinerary prior to our on-site visit and coordinate the on-site expectations. During the fieldwork, we conduct walk-throughs, controls testing, obtain testing documentation, and review other processes as necessary. We conduct an exit interview with you to provide initial testing results, go over next steps, and have a clear plan for completion of the testing portion of the SOC report. Our goal is to have 95% of all testing documents and your draft of the control description completed at the end of field work. This ensures your report is completed in a timely manner.
The Auditwerx virtual Smart Tech Audits & Reviews (vSTAR™) process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our audit engagement virtually and in real time.
After the testing and internal reviews are completed, a draft report is issued for managements review. Any changes by management are processed and the final report is issued. With the final report, we will provide you with the appropriate AICPA seal of completion to be displayed on your website. This seal provides users of your services with notification that you have completed the SOC reporting process.
Our goal is to provide the highest quality report that is meaningful to your clients with the least disruption to your business.
A SOC engagement doesn’t have to be a large task when you work with the right partner. We have the industry expertise best positioned to help you navigate through the SOC process.
We pride ourselves on going above and beyond to provide the added value and personalized attention to our services and deliver reports in an efficient, professional and quality product while providing the value added business process and operational recommendations to improve the control environment currently in place.