Compliance Consulting Made Simple
How are IT systems scoped for Sarbanes Oxley?
Software, applications and databases utilized to process financial transactions of publicly traded companies, as well as the servers housing these systems are required to be Sarbanes-Oxley compliant. Thus, the accounting system (for example: SAP, Oracle, Dynamit, QuickBooks, etc.),
What is a SOC Bridge Letter?
Service organizations often issue SSAE 18 SOC reports with reporting periods inconsistent with user entity financial reporting years, creating a “gap” in the internal controls. For example, a SSAE 18 SOC 2
How often does my SOC report need to be renewed?
SOC report coverage can vary in length. They typically cover 6 -12 months. The reports should be renewed each period to ensure continued control effectiveness. If you are reviewing a third party’s SOC report,
Does a SSAE18 SOC report or a security questionnaire provide more assurance?
There are five trust service criteria: availability, security, privacy, confidentiality and availability.
What are the AICPA trust service criteria?
There are five trust service criteria: availability, security, privacy, confidentiality and availability.
What is the difference between and SSAE18 Type 1 and Type 2 Report?
Type I – A report on policies and procedures placed in operation as of a specified point in time. SSAE 18 type I reports evaluate the design effectiveness of a service provider’s controls and then confirms the controls have been placed in operation as of a specific date.
Type II – A report on
