Whether you’re contemplating a SOC engagement for the first time or considering an upgrade, we recommend that you test the waters first. Prepare for it by having us walk you through the requirements before a formal report is issued.
This approach helps to identify potential gaps in systems descriptions and documentation, concerns about management assertions, or breakdowns in controls. It also enables you to correct those gaps, concerns, or breakdowns before they’re published. To reap the benefits of readiness consulting in an audit, all implementations or corrections need to be in place for at least six months before a SOC engagement.
What Can You Do to Get Ready?
- Become familiar with the new standards
- Decide if you need a SOC audit
- Choose which type of SOC audit you might need
- Determine how effective your monitoring procedures are
- Identify the basis for your assertion
- Select your evaluation criteria
- Review your control objectives and risks to meeting them
- Work with your subservice organizations to develop a mutual approach
