Service Organisation Control (SOC) Reports with help from BDO
Businesses are increasingly outsourcing activities to specialised service organisations such as property managers, datacentres, IT administrators and payroll agencies. which provides convenience for the organisation, but it also requires mutual trust and transparency. The outsourcing party expects agreements made with the other party to be observed. Furthermore, more often Supervisory Board members demand reassurance on outsourced tasks. Service Organisation Control (SOC) Reports provide this reassurance.
There are various formats of SOC Reports:
- ISAE 3402 (SOC 1): focuses on internal control measures in the processing of financial transactions at service organisations.
- SOC 2 and SOC 3: focus on internal control measures in IT related activities at service organisations.
At BDO we can help you with all types of Service Organisation Control Assurance Reports. Together with you we first identify what type of report suits your service provision best and determine the scope of the report. As a service organisation you subsequently carry out a risk analysis and draw up the control framework. We then check the design and existence of control measures carried out by your organisation. We then test whether the control measures operated properly during the report period. Finally, we arrive at an independent assessment and draw up the assurance report that is part of your Service Organisation Control Reports.
In summary we follow the following six steps:
- Identify format of report
- Review risk analysis & control framework
- Determine set-up and existence
- Check operation
If you would like to know how BDO can help you with Service Organisation Control (SOC) Reports? Please contact one of our specialist for more information or to arrange an introductory meeting without any obligation.