The world has become significantly more digital in recent years and that is true for the accounting and auditing industry as well.

After the Sarbanes-Oxley Act of 2022 was implemented, Section 404: Assessment of Internal Control required management to produce an “internal control report” that affirmed the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.

Since then, as companies grow and rely on third parties (such as Cloud & IT infrastructure, financial services and payroll processors) in their systems and programs, it has become even more critical that customers, business partners and regulators can trust the critical data shared as well as data protection practices.

SOC (Systems and Organization Controls) reporting is a type of attestation reporting which demonstrates that the third party has appropriate controls in place to protect personal, financial and sensitive client data. For accountants and auditors, this is a crucial piece of determining whether the Internal Controls over Financial Reporting (ICOFR) is reliable and you may have heard of SOC 1, SOC2, SOC3 reports mentioned before.

As IT operations shift to the cloud, have you evaluated all the third parties involved in your operations for cybersecurity? Feel free to reach out to Tyler Wendland on our team if you would like to find out how!