SOC Diagnostic
A SOC diagnostic is an ideal, low cost starting point for companies who have not had a SOC or other controls based audit procedures previously performed. Our SOC diagnostic is designed to assist our clients to make a determination regarding their preparedness for an actual SOC audit. Our findings, areas we believe need to be addressed prior to an actual SOC audit, are only reported internally to management.

Type I SOC Audit
Includes an opinion on the fairness of the presentation of a description of controls in operation and how the design of the controls achieves the specified control objectives as of a point in time.

Type I SOC audit may be preferable when your company:

• Has never had a SOC audit performed.
• Has concerns regarding its readiness for a Type II SOC audit.
• Needs a SOC report to be issued within a short timeframe.
• Has no contractual obligation with its customers to have a Type II SOC audit performed.

Type II SOC Audit
Report includes the information contained in a Type I service auditor's report, but also includes an opinion on whether the specific controls were operating effectively during the period under review.

Type II SOC audit may be preferable when your company:

• Provides a significant level of services to companies impacted by the Sarbanes-Oxley Act of 2002.
• Is contractually obligated to provide a Type II SOC audit report to customers.
• Is often visited by various third parties looking to perform a variety of audit procedures.

Agreed-Upon Procedures Reviews
There are instances where it is not necessary to perform a SOC audit, but it is necessary for a company to report upon their achievement of certain control objectives. In such a scenario, we would advise an agreed-upon procedures review.

• These reviews have a defined set of procedures, such as verifying the accuracy, integrity, timeliness and confidentiality of information processed by the service organization.
• Designed to give independent third-party verification of selected controls to third-parties, such as customers and financial institutions, e.g. lenders.

• Our "4-Fold" method divides the engagement into four phases Analysis, Remediation, Fieldwork, and Reporting.
• Our approach ensures that our clients receive a high degree of efficiency, minimized disruptions to their business, and direct attention.
• Team leaders with significant experience performing SOC audits.
• National firm service without the associated high cost.