Councilor, Buchanan & Mitchell, P.C. (CBM) has expanded its System and Organization Control audit services. This capability offers a mid-sized firm alternative for service organization seeking certification to demonstrate the integrity of their internal controls and ability to serve as an effective third-party steward of financial and non-financial data entrusted to them by clients.
“As organizations encounter stories of data mismanagement and security breaches that expose their clients and customers to risks such as fraud and theft, the level of scrutiny they bring to their professional partners increases,” says Daniel L. Weaver, CPA, CBM Senior Vice President and head of the firm’s SOC audit service line. “Service groups that provide third-party data management can increase their trustworthiness by submitting to a SOC audit.”
The SOC audit process is governed by principles established by the American Institute of CPAs. Independent accounting firms, such as CBM, adhere to these principles during the audit, reviewing an organization’s internal control design and implementation, including critical safeguards and information technology. The firm delivers a report reflecting the audit findings. Groups that demonstrate appropriate levels of data confidentiality, privacy and availability for users position themselves as a trusted resource for other organizations.
“The AICPA has come to recognize the growing importance of effective audit procedures for service organizations,” says Weaver. In 2010, the AICPA’s Auditing Standards Board issued new guidance, known as SSAE No. 16, Reporting on Controls at a Service Organization, which replaced older audit standards. “We have already conducted SOC audits for several service groups to increase the transparency of their existing internal controls.”
SOC 1 and SOC 2 audits focus on investigations of an organization’s controls applicable to financial and non-financial data respectively. Several groups that can benefit from SOC audit services include cloud computing groups, outsourced payroll companies, benefit plan administrators and healthcare organizations, among others.
Individuals interested in discussing the benefits of a SOC audit for their service organization should contact Mr. Weaver at 301.986.0600 or via email at firstname.lastname@example.org.