Service organisation control reports (formerly SAS70)

Many companies have found that they are able to function more effectively through the outsourcing of tasks or entire functions to service organisations. It is vitally important that such organisations have a verifiable and reliable system of internal controls in place.

Service organisation control (SOC) reports are able to provide necessary information about a service organisation’s controls and risk management procedures relating to financial reporting (SSAE16/ISAE3402) or to security, availability, processing integrity, confidentiality and privacy (SOC2).

A SOC report provides third party assurance on the structure and suitability of the service organisation’s internal control systems.

It is likely that clients of service organisations will increasingly require SOC reports as assurance before agreeing to use the services offered by the organisation.  In order to remain competitive therefore, it is imperative that service organisations can make an audit report available to their clients.

We are able to issue the following types of service organisation audit report:

  • SSAE 16 (SOC 1) ISAE 3402
  • SOC 2

Benefits of investing in a service organisation audit report include:

  • Ensuring your organisation operates commercially and meets the demands of the market;
  • Building trust and confidence in outsourced systems for all stakeholders;Providing information to user entities on how to mitigate the risks associated with outsourcing services;
  • Allowing service organisations to undertake only one audit as opposed to multiple requests from customers; and
  • Providing third party assurance on the design and implementation of your internal control system, thereby facilitating opportunities for effective improvement.