SOC Readiness Assessment
Customized SOC reporting solutions to meet your organizational needs
Calvetti Ferguson skillfully provides SOC readiness and examination services. Our solutions emphasize consistency, efficiency, and quality control from start to finish. We see SOC examinations as a collaborative process, and work with our clients throughout the examination to help ensure there are “no surprises”. Whether you are looking to complete a SOC examination for the first time or looking for more from your current SOC examiner, we are ready to help!
Our team of professionals not only have Big 4 and middle-market public accounting backgrounds specializing in the areas of IT Audit and Cybersecurity, but they also have “hands-on” experience having also served as Chief Information Officer, Director of Information Technology — having addressed all aspects of IT Leadership, Operations, and Risk Management.
Service organizations taking on their first SOC examination will first need to ensure they are prepared for the road ahead.
- Understanding the systems & processes which will be in-scope for the examination
- Identifying control objectives or criteria that will be in scope for the examination.
- Examining the initial state of the relevant internal controls present within the organization
- Providing recommendations for management on addressing any gaps or observations noted during the assessment
Upon completing the readiness assessment, it’s time to get to work on addressing items noted in the prior phase:
- Management will begin addressing gaps that were identified during the initial readiness assessment.
- Training should be provided for process owners to ensure adequate documentation is being created and retained, and that controls are being operated as described.
- It is time to begin documenting the description of the systems and processes which will be included in the examination report.
At the final stage of the project, we are ready to begin the examination, here is what you can expect:
- An initial documentation request list will be provided 6 weeks prior to the examination.
- Schedule a planning meeting 2 weeks prior to the examination to discuss interview schedules & on-site logistics.
- Review documentation, interview process owners, & observe the operation of controls.
- Draft reports are issued within 3 weeks of fieldwork completion for management’s review.
Our Technology Risk Services team has a breadth of experience in both Big 4 and middle market accounting firms providing SOC services. Whether you need SOC 1, SOC 2 or other type of SOC report, we have the experience and expertise to exceed your expectations. Interested in learning more? Complete the form below and a member of our team will reply promptly.