In April 2010, the AICPA announced a new auditing standard: the Statement on Standards for Attestation Engagements (SSAE 16).
This new auditing standard is known today as Service Organization Controls, or SOC 2.
This auditing standard reports on a company's internal controls for what are defined as the five Trust Services. These trust criteria are Security, Confidentiality, Processing Integrity, Privacy, and Availability of customer data.
My firm was introduced to this audit in 2011. Since we deliver software applications via the web, most companies that we sell to request this certification prior to any sale/engagement.
That same year, our senior management mandated that we comply and provide annual SOC 2 reports. First, we hired a leading accounting firm that guided us through the process. We found out immediately that the audit demands that a firm designate key personnel from every division and provide targeted data on their controls. Once the controls are documented, the accounting firm then comes on site and tests these controls in real time with your team, ultimately providing the report. Processing time on a full report is approximately six (6) months from start to finish.
The SOC 2 audit legitimizes and provides full transparency on critical operational standards within your company. It truly calls out deficiencies and builds a stronger company. Although this audit is expensive and very time-consuming, it will bridge any resistance to all operational questions a customer needs answered prior to signing the deal!
Our President and CEO, Arthur Pereless, said, “The SOC 2 audit is a prerequisite to any sale of our company’s products! Our firm could not effectively compete without this certification.”