There has been little in the business world that remains unimpacted from the ongoing current pandemic, including an organization’s reliance on another business to provide their services. Entities that expect a SOC (System and Organization Controls) report from their service organizations are wondering if the reports on internal controls as they relate to internal controls over financial reporting “ICFR” (SOC 1) or the AICPA’s Trust Services Criteria (SOC 2) will even be available.
For entities that currently issue SOC reports, concerns on how to support an examination during this time are stemming from reduced headcount, decreased revenues, ceased operations due to government requirements or conversely the mandated requirement to continue operations.
For those SOC report issuers and SOC report consumers experiencing these concerns, we offer the following SOC considerations as you navigate the COVID crisis:
- Evaluate key personnel risk. Are adequate personnel available to back-up or support critical function(s)?
- Consider changes in the organizational structure. Have changes created potential segregation of duties concerns?
- Consider control responsibilities or control owners as Family and Medical Leave Act (FMLA) and/or Families First Corona Virus Response Act (FFCRA) are leveraged by personnel.
- Are your Disaster Recovery and Business Continuity Plans up to date? You are likely in the middle of a live test of these plans, and an opportune time to reflect on changes/updates.
The SOC team at Frazier & Deeter puts client service at the forefront, including our adaptability to change, and flexibility to support our client’s needs and challenges. We are here to provide solutions, and answer your questions like:
- “Should we shorten or extend exam periods?”
- “Why can’t we skip a report?”
- “What if our operations change before or after we issue?”
- “How can I support a SOC examination during this time?”
We welcome the opportunity to speak to you about your SOC questions, challenges or concerns. Additionally, in several episodes of our Culture of Compliance podcast series, Sabrina Serafin, Gina Gondron and Shelby Nelson all speak on the topic of SOC. They discuss the history, reasons to undergo a SOC examination and explain the complexities of SOC guidance.