Siv Irene Aasen
Service Organization Controls Reporting
Enterprises that provide services are increasingly meeting demands for inspection and audit of internal controls relating to the services they deliver. Customers of such enterprises often demand a third-party statement, a so-called Service Organization Controls reporting (SOC), which is an independent statement of the quality of systems, procedures and controls at their service providers.
Enterprises that deliver the following services are often requested to issue a third-party statement:
- IT operations providers
- Development, management and operation of systems or SaaS services
- Logistics, trading or insurance services
- Accounting-related services, such as invoicing and bookkeeping
Our advisers have extensive experience with third-party statements on internal controls. In addition to expertise in the relevant standards (ISAE 3402, SSAE 16, SOC), we also have expertise in the frameworks that should be used to design good processes, control objectives, and controls within an organisation.