4. Why do you
need SOC?
4
• You will communicate to clients and
prospects your compliance with
standards and industry best practices.
• You create a level playing field with
your competitors.
• Your clients expect it.
5. Importance of
SOC reports
5
• Presents the client's significant
non-financial data
• Demonstrates Service Organization is
serious on maintaining the security &
confidentiality of client’s data
• Shows whether or not the internal
controls are working effectively
• Provides further validity of the financial
statement
6. Scopeof
SOCIIreports
• SOC II reports cover the broadest
range of information and assurance
about controls
• Uses predefined gauges in Trust
Service Principles, Criteria and
Illustrations, and prerequisites and
guidance in AT Section 101, Attest
Engagements
6
7. Types of SOC II
reports
7
• A SOC II Type I report covers
appropriateness of the controls
• A SOC II Type II report examines and
verifies efficacy of the controls
• SOC II Type II utilizes professional
standards, AICPA publications in
relation to SOC framework, Extent
and subject matter, & created for
Intended users
8. Elements of
SOC II reports
8
• Description of the Service Organization’s
system
• Service auditor’s report that expresses
auditor’s opinion
• Auditor’s test of controls and its
outcome
• Efficacy of the controls
9. Benefits and
drawbacks of
SOC II reports
9
• SOC II reports will let their readers
examine and evaluate the service
provider more thoroughly
• Users may have to gather or acquire
extra reports from trusted subservience
providers
• Service providers may not be inclined to
disclose the reports on detail