CompliancePoint partners with CPA firms to assist their clients with these assessments. If you are a CPA firm, you can position your firm as an expert. Communicate with current and prospective clients by providing information about SOC reports, and how your firm and CompliancePoint can assist.
Unlike SOC1 engagements that test client-specific controls over financial reporting, SOC2 and SOC3 engagements are based on pre-defined control objectives established by the AICPA and CICA in the "Trust Services Principles and Criteria" (TSPC) framework. The TSPC are highly technical in
nature and require significant information technology expertise to test.
When it comes to SOC2 and SOC3 Reports, partner with the experts at CompliancePoint.
How These Changes Affect CPA Firms
The SSAE now requires the service auditor to obtain a written assertion from the service organization's management about the fairness of the presentation of the description of its system and about the suitability of the design and, in a type 2 engagement, the operating effectiveness of the controls.
Non-ICFR Controls (i.e. ITGC Controls) are in AT-101 not SSAE:
Requirements for CPAs examining and issuing reports on controls over subject matter other than financial reporting are housed in AT section 101, of the attestation standards, not under SSAE.
Service Organizations that need Security, Availability, Processing Integrity, Confidentiality, and Privacy assurance must obtain a SOC2 or SOC3 report instead of a SOC1 report which is the direct replacement for SAS70.
CompliancePoint's SOC Reporting Services
We can help your firm access revenue streams that may have previously been untapped.
By partnering with CompliancePoint to provide SOC2 and SOC3 engagements, you'll work with our technical specialists who are Certified Information Systems Auditors (CISAs). They perform SOC2 and SOC3 engagements per AT101 requirements at the highest quality level.
We provide technical guidance so that your audit partners are comfortable with performing work paper reviews and ultimately signing the SOC report. Our specialists are also available to provide technical expertise and pre-sales support to help secure engagements.