The increase in available software options has led software companies to look for ways to differentiate themselves from their competition. An increasingly popular way to do this is to obtain a System and Organization Controls (SOC) report which addresses the internal control environment of the software companies to help ensure the application’s stability and security.
There are common management issues in employee benefit plans. Having the appropriate Complementary User Entity Control in place will assure to plan management that policies and procedures are being followed.
SOC 1 reports will look nearly identical under SSAE 18 as they did under SSAE 16, and changes to the reports will be minor, so there is not much that service organizations will have to change, especially Holtzman Partners clients. However, the shift to SSAE 18 does result in 5 main changes.
As consistent with SAS 70 audits, service organizations can obtain Type I or Type II reports for both SOC 1 and SOC 2 audits.
Earlier this year the AICPA issued an update to the Trust Services Principles and Criteria (TSPC) impacting how SOC 2 and SOC 3 examinations are conducted and reported. It is essential for companies undergoing these examinations to understand the changes to the TSPC since they will significantly impact the examination process. The 2014 version of […]