Have you had a customer ask if you have a “SOC” report they could review? Or perhaps your sales team lost potential new contracts because you didn’t have a SOC report or couldn’t answer if you were “SOC compliant”. Here are 4 tips for understanding if you need a SOC report and how to have a successful start.
Talk directly with your current customers who have inquired about it. Understand why they are asking and how it impacts them. You might find out they want to increase business with you or they might be shopping at your competitors due to a lack of SOC report.
Talk with your sales team. Are contracts being lost due to a lack of SOC report? How often to customers or potential customers ask about it?
Try to financially understand the impact if you go down the SOC road.
Once you’ve quantified the “why”, ensure everyone from sales, IT, HR, accounting, operations and leadership are fully aware of what you’re considering. Their buy-in is critical to the success of a clean SOC report.
Request references from their clients who are in the same industry.
I also never recommend utilizing the Big 4 or even the larger 8-10 national firms. The higher costs of those firms will minimize the benefits of the future report.
This will not be a one-time, stand-alone instance. Customers will want to see bridge letters and future reports which show you have continued to address their reason for asking for a SOC report past the first reporting date. Creating internal processes that are repeatable in the long-term will greatly benefit your organization.
Bonus tip
You know your business. You’re an expert at what you do. We know SOC. Let us be the support you need between your team and the auditors. Training, mock audits, organization of critical files, and direct support during the SOC attestation process. thomas@r-vmc.com
You stare at your financial statements. You've cut costs, delayed major projects, your Accounting software…
Don't just take our word for it, here are some quotes from clients and other…
The other day I was having lunch with an Internal Audit Director and was asked…
Whether it's due to the current health concern or your company is just giving you…
When planning an audit we must address our internal bias and adjust accordingly.
Just around the corner, in 2020, non-accelerated public filers will have their external auditors include…