PRG Partner
404.573.4414
Atlanta, GA
PRG Partner
615.416.6878
Nashville, TN
Whether your service organization is new to SOC examinations or you’re looking for a new provider, Frazier & Deeter’s experienced team of SOC practitioners can help. Our SOC team is led by the AICPA’s SOC School author and instructor, Shelby Nelson. Frazier & Deeter’s team is comprised of professionals with Advanced SOC, CISA, CISSP and CyberSOC certifications. All of our SOC partners are AICPA SOC Peer Review Specialists.
We provide service organizations the practical expertise you need and we utilize a customized approach that emphasizes knowledge transfer, communication and support. We take the time to educate potential and existing clients on SOC reporting and to explain SOC is not just a “check the box” exercise. From the beginning, we partner with you to understand your organization in order to determine the most appropriate SOC examination options to achieve your SOC reporting objectives.
We help you to understand whether a SOC 1, SOC 2, SOC 3, and/or CyberSOC examination is best suited for your organization, the need and benefit of readiness, and the type of report (Type I – as of a point in time or Type-II over a period of time).
Going directly into an examination without a little pre-work to “get ready” for the SOC examination increases your organization’s risk of having control exceptions that would be required to be reported during an examination.
We help you evaluate your current internal control structure, identify controls and evidence in place in preparation for a SOC examination.
We partner with you to develop a customized timeline based on your SOC reporting objectives with clear expectations of both you and FD.
Our process starts with a complimentary review of your existing report from the SOC Peer Review specialist and AICPA SOC School author and instructor, Shelby Nelson or another FD SOC Peer Review specialist.
We will evaluate your current scope and communicate considerations for any changes that may be needed to the SOC examination to best suit your current and future SOC reporting objectives.
Our training is customized to suit your needs and provided by the AICPA SOC school author and instructor, Shelby Nelson. Whether you’re an internal audit team who supports your service organization’s SOC examination(s), or an advisory firm seeking ways to improve, streamline or start a SOC reporting practice, our team of seasoned professionals who possess SOC specific credentials are here to help. We take a customized approach to all SOC training based on the experience and knowledge level of your team to tailor learning that supports your objectives.
There are several examinations within the SOC suite of services. We are known for our ability to educate our clients, to help you understand which option is best for your organization. SOC examinations are not a requirement, outside of a contractual obligation, for a service organizations, but an elective SOC examination is a way to exemplify and demonstrate your service organization’s commitment to internal control to your customers.
If your organization provides services that are relevant to or impact your customers’ (user entities’) internal controls over financial reporting, or your services impact a line item on your customer’s financial statements, then a SOC 1 is a relevant examination.
If your organization has committed to the security, availability, processing integrity, confidentiality, and/or privacy of your services, then a SOC 2 is a relevant examination.
The security category is the required category for all SOC 2 reports. The security category contains criteria that each service organization must consider and identify their controls in place to address that criteria. There is no checklist or required controls in the SOC 2 framework.
A SOC 3 is meant to be a general use report, can be posted on your website, but can only be issued after a SOC 2 – Type II examination has been completed. FD can guide you on the applicable categories and criteria that you should address in your SOC 2 examination, whether a SOC 3 would be beneficial and how it should be edited for public use, and assist you in evaluating the adequacy of controls in place at your organization to address the applicable criteria.
The SOC for Cybersecurity provides AICPA guidance on how to report on a service organization’s cybersecurity risk management program. If you are already a SOC 2 reporter, there are potential efficiencies that can be leveraged. FD professionals with the Cybersecurity SOC certification will guide you through leveraging SOC 2 testing efficiencies and the process to generate a Cyber SOC report that can be provided to internal and external stakeholders.
SOC for Supply Chain is the newest to the SOC suite of services. It is a SOC examination to report on entities that produce, manufacture or distribute products, risks to their supply chain and measures in place to address those risks.
PRG Partner
404.573.4414
Atlanta, GA
PRG Partner
615.416.6878
Nashville, TN