Build confidence with an independent report on the financial reporting process or Sarbanes-Oxley Act Section 404 controls as of a specified date (type 1) or over a specified period (type 2).
Get independent assurance that your security, availability, processing integrity, confidentiality, and privacy controls are effective; this report can be adapted to the needs of your customers.
Achieve compliance and gain market share. Stop redundant customer audits and partner with experts who understand your industry and the regulatory pressure you face.
Accorp provides an affordable, efficient approach to SOC compliance. We bring Big 4 expertise to clients ranging from small private firms to Fortune 500 companies. Our audit specialists will design a customized process to help your organization benchmark and compare internal controls against industry best practices. We also specialize in assisting with first-time compliance.
As members of both professional bodies, viz. ICAI and CPA, we are authorized to undertake such audits. This audit serves the purposes of both AICPA and ICAI standards. Thus, an assurance audit on SOC can be used by the auditors of US entities and also of Indian entities that are required to report on the internal controls over FR.
Gives assurance to the management of the Service Organisation, the User Entity and the User Entity's auditor of the suitability and/or the operating effectiveness of the controls.
Proactive measure aiming to minimize / avoid potential risks that may cause damage / loss to either the Service Entity or the User Entity.
The User Entity's auditor places reliance on the SOC while evaluating the internal controls of the User Entity with reference to its financial statements.
Helps in building trust
Differentiates service organization from peers
Provides management insight into the effectiveness of controls and possible areas for improvement
Provides an independent assurance
Demerits if you don't opt for SOC
Opportunity of securing business contracts with US entities is lost;
Risks remain unassessed / not evaluated;
Risk mitigation strategies cannot be evaluated / implemented.
1. What kind of businesses should be thinking about SOC 2?
A SOC 2 report will help your customers trust that you follow security best practices. SOC 2 reports are generally obtained by businesses that provide information systems processing or technical services to other businesses. The SOC 2 report provides third-party assurance that an adequate baseline of Information Security controls has been put in place. Businesses of all sizes can have a SOC 2 audit; however, it is most beneficial for businesses looking to sell in the enterprise market.
2. How will a SOC 2 audit benefit my business?
If you’re selling services to mid-market and enterprise companies you may be asked, “Do you have a SOC 2 Type II report?” If the answer is “no” your company may find it more and more difficult to make these sales. With almost daily headlines of companies being breached, the need for information security and compliance (with laws and industry standards) continues to increase. A SOC 2 report will help your company sell to bigger and bigger customers.
3. How is SOC 2 different from SSAE 16 / SSAE 18?
When the industry replaced SAS-70 reports with SOC 1 and SOC 2 reports as the new standard, there was initially a lot of confusion. SOC 1 reports are often referred to as “SSAE 16/18.” These reports typically only cover the controls that support financial reporting. SOC 2, on the other hand, is an audit against the Trust Services Principles and Criteria. SOC 2 reports are generally best for technology service providers that extend beyond financial services. SOC 2 is the best choice for most businesses.
4. What is the difference between a Type I and Type II audit?
A SOC 2 Type I audit is an audit reporting on the policies and procedures a company has established at a particular point in time. It is generally the first step taken and is often referred to as “test of design.” It will answer the question, “are the controls properly in place?” A SOC 2 Type II audit is a “test of effectiveness” over a period of time. The “period of time” is generally no less than 6 months and no more than a year. It will answer, “is your company following its own policies?”
5. How do companies prepare for SOC 2?
SOC 2 preparation usually happens in a few stages. First, your company should identify all “key systems” and perform a gap analysis against all requirements documented in the Trust Services Principles and Criteria. Next, existing security controls should be identified and policies and procedures should be written to meet all requirements. This can take anywhere from a few weeks to up to 6 months, depending on the size and maturity of your company. At this point you are ready for the SOC 1 Type I audit. A SOC 2 Type II audit is typically performed 6 months later.
6. Who typically leads a SOC 2 compliance effort in a company?
Large organizations typically appoint a Chief Security or Chief Compliance Officer to manage audits from beginning to end. Smaller companies tend to outsource expertise and form a team to prepare for compliance. It is best implemented as a team effort because policy changes will impact everyone in your company. As with any major project, executive buy-in is key. The value of compliance isn’t always apparent and having the right people on board will help immensely.
7. We already have good security, is that enough?
Having good security practices in place is certainly a good start, but often not sufficient for compliance. Security does not equal compliance, and vice versa. Preparing for SOC 2 may include Security (logical & physical), Availability, Integrity, Confidentiality, and Privacy. Newer/smaller companies often prepare for a SOC 2 by creating many of these policies for the first time. The creation of new policy will often lead to the implementation of new preventative and detective controls.
8. How long does it take to prepare for a SOC 2 audit?
On average, going from zero to SOC 2 Type II will take from 8 months to a year. Smaller companies that don’t have many systems can often complete the process faster. To further expedite the process, it is advisable to not create all policies and procedures from scratch. Many security & compliance consultants have built vast libraries of policies and procedures that can be customized for your business and make your life easier.
9. Our cloud provider already has SOC 2 and other certifications, do we still need to do it?
If your company is using an IaaS (Infrastructure as a Service) provider such as AWS (Amazon Web Services), you’re probably impressed with the number of certifications they have collected. A SOC 2 Type II from an IaaS provider will often cover most of the physical security requirements. Depending on how your system is configured, it may cover the backup & recovery and disaster recovery portions. A SOC 2 Type II from your cloud provider will not cover your application, your internal policies, etc. Using cloud services is helpful, but will not give you 100% coverage.
Multiple professional services under one roof (Accounting, Taxation and Legal support)
We provide businesses advice from qualified professionals with diverse experiences.
Our lower operational fixed costs help startups allocate more funds elsewhere.
We provide cost effective solutions that are easy to implement.
Our diverse professionals provide hassle-free support, reducing management involvement in back-end activities.
We dedicate a team member to ensure accountability to a startup.
CA, B.com (H)
Shyam Goel is the founder partner of the company and has been serving the profession since 1990. He carries vast experience in the field of Accountancy, Audit, and Corporate Law Matters. His strengths include excellent drafting, communication and management skills. He is the guiding force with 25 years in the professional field.
Gopal Bansal is currently the Managing Partner of the company. He has been serving the profession since 1994 and has good exposure in Indirect Tax, Direct Tax, Accounting, and Assessment Proceedings, apart from his acumen across the areas of Management & Operational Audits and Management Consultancy services.
Sanyam Goel has rich experience of Cross Border Transactions for various clients of the firm, including International Taxation, IFRS and US GAAP. He has been associated with the company for more than 6 years and has developed strong knowledge over the years. He has worked at senior positions in Ernst & Young.
Associate | Chartered Accountant
Vinay is a qualified Chartered Accountant and manages the Taxation service at accorptaxpro. He’s adept at transaction structuring with respect to Direct and Indirect taxation matters. He ensures that he is always updated on the amendments in the ever-evolving taxation environment. When not at work, Vinay enjoys playing cricket and binging on street food.
He is currently leading the Inbound Investment Services wing of the company. He has good exposure in Direct Taxation, Statutory & Internal Audits. He has a focused approach towards work, and to this end he has led marketing, manufacturing and overall management assignments. He provides the clients an important opportunity to streamline and improve all aspects of reporting & understanding.
Govind Gupta leads the Indirect Tax team of the company. Serving the profession since 2002, he has vast experience in Sales Tax matters, Service Tax Compliances as well as new tax compliances under GST regime. Apart from Indirect Tax, he is well-equipped in providing Management Consultancy & other attestation services, including internal audit and due diligence.