A SOC engagement doesn’t have to be a large task when you work with the right partner. We have the industry expertise best positioned to help you navigate through the SOC process.
We pride ourselves on going above and beyond to provide the added value and personalized attention to our services and deliver reports in an efficient, professional and quality product while providing the value added business process and operational recommendations to improve the control environment currently in place.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Are you new to the SOC reporting process? Security compliance and requirements might seem overwhelming, but not when you have the right partner to guide you through. Our experienced team, combined with our unique “hands on” preparation method, limits guesswork and helps you to quickly prepare for a successful SOC 2 examination.
Every examination we perform is completed with your end goals in mind. Our communication protocols provide for frequent contact with you throughout the engagement period in order to facilitate delivery on your expected timeline.
Communication is essential in completing a SOC report and it starts in the planning process. Our planning begins with a kickoff call. The kickoff call is used to make introductions, identify key players, and points of contact. We also begin the process of understanding the services on which we will be providing an opinion. Where a readiness assessment has been requested, we establish the dates for the readiness work (for first-time SOC reporters) and/or fieldwork (for recurring clients). In readiness, we assess the data flow of the services, identify controls, and provide a gap analysis of controls that may need implementation or improvement. The planning and readiness process is critical to creating open communication designed to obtain maximum efficiencies that will be realized in the Type 2 reporting process.
Our testing and audit plans are shared with you as soon as they are customized for your processes. Customizing and sharing these plans allow us to provide a quality product in the shortest time possible. In addition, we provide templates and main points of the narrative process to help you get started with your description. We provide a draft of the audit plan for your review and complete another call to go through the plan to assist you in assigning tasks for collecting supporting documentation and preparation for on-site testing. Once the audit plan is finalized, we complete the details in preparation of and coordination with you for the on-site testing visit. Between the time of the audit plan approval and the on-site visit, your team starts compiling your supporting documentation and uploading it to our secure portal. Remember, we are there to help, so we invite open communication if you have any questions. This preparation is essential to an efficient and effective on-site audit experience.
OPTION 1: On-Site Fieldwork
We send our itinerary prior to our on-site visit and coordinate the on-site expectations. During the fieldwork, we conduct walk-throughs, controls testing, obtain testing documentation, and review other processes as necessary. We conduct an exit interview with you to provide initial testing results, go over next steps, and have a clear plan for completion of the testing portion of the SOC report. Our goal is to have 95% of all testing documents and your draft of the control description completed at the end of field work. This ensures your report is completed in a timely manner.
OPTION 2: CRI Virtual Smart Audit & Reviews Process
The CRI Virtual Smart Tech Audits & Reviews (vSTAR™) process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our audit engagement virtually and in real time. Learn more here.
When testing and evidence gathering has been completed, your auditor composes a draft of your SOC report and submits it to our quality control team. Every draft SOC report is subjected to a manager and partner review based on our strict quality control process. Once your report has completed this round of reviews, it is provided to you for review, feedback, and modifications. After your draft is returned to us, a final quality control review is completed.
After the final report is issued, we will provide you with the appropriate seal of completion to be displayed on your website. This seal provides your prospective clients with notification that you have completed the SOC reporting process.
Experienced partners and professional staff of our firm conduct quality control reviews of our audits. Our partners’ work is reviewed annually, and the inspection process includes periodic testing of the effectiveness of our quality controls and a continuous improvement program. This risk-based annual inspection is intended to mimic the triennial peer review described in the following paragraph and are performed on completed engagements.
In addition to this inspection, we perform in-process, “pre-issuance” reviews of partners’ work that are chosen for using a risk-based selection process; these reviews are performed by our corporate quality control team. The combination of the in-process and completed engagements is part of our continuous improvement processes.
When it comes to compliance certification, service organizations can often find it difficult to balance customer requirements and ROI.
Our goal is to deliver the efficient compliance assessments you need, at a price that makes sense for your business.
Once we have discussed your needs and current environment, there are several factors that impact our cost estimate:
Unlike most firms, Auditwerx is a true fixed fee firm. Our goal is to provide a service that will not only improve your operations, but also, result in a significant ROI.
Very few of our clients experience amendments. When necessary, they are usually the result of a scope expansion.
Our experienced auditors understand what your organization needs from a SOC report, and our low overhead ensures that our pricing is based on your need.
“We engaged Auditwerx for a SOC 2 audit of our fast growing cloud-based security service. The audit itself was thorough, but non-disruptive. The audit team was highly professional and very knowledgeable. We recommend Auditwerx’s SOC 2 services without reservation.”
Our virtual audit process combines minimal hardware, collaborative software, and cameras to allow us to perform all or part of our audit engagement virtually and in real time. This is neither a “remote audit” nor a “desk review,” both of which often involve electronic file transfers and little interaction with management. Instead, the virtual audit includes dialogue with process owners virtually, captures and shares information electronically, and integrates technology seamlessly. We also offer the possibility of performing a hybrid audit, whereby we reduce our on-site presence by supplementing it with virtual resources.
Our goal is to provide you with the same high-quality audit services through more focused planning, with reduced distraction, and at a more cost-effective price point. Our virtual audit process provides you with more access to our specialists involved in your audit – regardless of your location.
Auditwerx utilizes a web-based, third-party, Engagement Management Platform (EMP). This solution acts as a secure portal that provides project completion and deadline driven status of the requests needed to complete the testing. This tool provides great clarity to clients in where the process is and what items are outstanding. The portal is inter-active and provides a messaging center and restriction of access to specific requests to authorized users.
This intuitive solution standardizes the information collection process, enhances client experiences while securely exchanging the necessary information and automatically managing workflow. Our proven process increases efficiencies, in a secure platform that enhances the client experience.
There is a lot of information about SOC reporting floating around on the internet. New software tools are popping up everyday claiming to save you time and money when it comes to your security compliance audit. Our detailed FAQ will help breakdown the myths so that you can feel confident in your SOC audit.
A SOC report is conducted by a third-party auditor, and is intended to provide your clients with assurance regarding your company’s cybersecurity practices. This kind of report shows that your company follows best practices when it comes to finances, security, processing integrity, privacy and service availability. It is an easy way to provide a comprehensive overview of your business’ in-scope systems (the systems connected to the pertinent business functions) through a consistent and recognized framework.
A “Type 1” report analyzes management’s description of a service organization’s system and the suitability of the design of controls related to the applicable trust services criteria description as of a specified date.
A “Type 2” report analyzes management’s description of a service organization’s system and the suitability of the design and operating effectiveness of the controls related to the applicable trust services criteria throughout a specified period. This type of report offers assurance to your clients on how your systems are used day-to-day. It usually offers a greater level of trust to your clients because they have more visibility into the way your systems are set up.
SOC examinations must be performed by an accredited CPA auditing firm like Auditwerx. Even if other automated software tools claim to save you time or money, that may not necessarily be true if they cannot finalize your report. As the CPA firm that would have to sign off on the report, we would still need to complete the reporting process with you to ensure that all appropriate requirements are met. This could require additional time, money, and headaches that could have been avoided in the first place.
A SOC Readiness Assessment is your best preparation for a SOC audit. Our experienced audit team works to quickly complete your gap assessment in a timely manner, based on your organization’s unique needs. This will identify any gaps in your compliance controls or processes and allow you to remediate them before they impact your final report.
When it comes to compliance certification, service organizations can often find it difficult to balance customer requirements and ROI.
Our goal is to deliver the efficient compliance assessments you need, at a price that makes sense for your business. Once we have discussed your needs and current environment, there are several factors that impact our cost estimate:
Our handy guide, “Adding it Up: What Type of SOC Report Do I Need?” is a great starting point to determine what kind of SOC report best fits your company’s business and compliance needs.
When you’re ready to speak with an experienced team about your reporting needs, Auditwerx will be here for you.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Like other major corporations and professional service providers, the reputation of a law firm plays a crucial role in its profitability and sustainability. Learn how a SOC 2 can help.
Explore what SOC 2 Type 2 certification is, its significance for your business, the benefits of SOC 2 Type 2 compliance, and how to achieve SOC 2 Type 2 certification for your organization.
A SOC 1 report could help demonstrate the IT general controls and business process controls in place to achieve control objective statements.
