Service Organization Controls
SOC 1, 2 & 3
By engaging an independent CPA to examine and report on a service organization’s controls, service organizations can respond to meet the needs of their user entities and obtain an objective evaluation of the effectiveness of controls that address operations and compliance, as well as financial reporting at those user entities.
To provide the framework for CPAs to examine controls and to help management understand the related risks, the AICPA is establishing three Service Organization Control (SOC) reporting options (SOC 1, SOC 2, and SOC 3 reports).
SOC 1 engagements are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization. SOC 1 reports focus solely on controls at a service organization that is likely to be relevant to an audit of a user entity’s financial statements. SOC 2 and SOC 3 engagements address controls at the service organization that relates to operations and compliance and are under AT 101. SOC 1, 2, and 3 reports represent significant changes in service organization reporting approaches brought about as a result of several important changes.
Separating eDelta from most of our competitors, is our mission and applied practice of quality assurance. Prior to submitting each element of our service deliverables, we will map completed work back to the initial and underlying objectives of that deliverable. This important process has allowed the quality of our work to consistently remain as best in class within our industry.
The work performed is reviewed to ensure accuracy, suitable levels of coverage depth, assurances that all recommendations including those that address both control issues and efficiency of operations, and conformity regulatory expectations are fully met.