business professionals doing a soc report

SOC Reports for Business

What Are The Benefits Of A SOC Report For Businesses?

business professionals doing a soc report

SOC reports are a type of audit that bolsters a company’s reputation in the eyes of clients and customers. There are many kinds of audits, both internal and external. The acronym SOC stands for “System and Organization Controls.” Therefore a SOC report checks a business’s systems and controls for effectiveness and security. The report will then outline any risks to potential customers and the business itself. 

 

Is your business able to identify threats or oversights related to financial reporting, sensitive medical data, or intellectual property? Is your business able to respond to failures of said controls? These are the questions a SOC report seeks to answer. 

 

SOC reports are beneficial for any business that provides a service to another company. If your company handles another entity’s information systems, a SOC report will be relevant to you. However, there are some industries where a SOC report is mandated by governing bodies. Payroll or medical claims processors, data center companies, loan servicers, and Software as a Service (SaaS) providers that may touch, store, process or impact financials or sensitive data of their user entities are examples of businesses that require a SOC report.

 

A SOC audit can only be performed by an independent CPA (Certified Public Accountant) or accountancy organization. After the audit, the CPA will provide a detailed report outlining: 

  • Audit results 
  • Areas for improvement
  • Whether or not the CPA can sign off on whether controls have been satisfactorily met

 

Types of SOC Reports

 

SOC reports fall into one of four categories: SOC 1, SOC 2, SOC 3, or SOC for Cybersecurity. A qualified CPA consultant can help you determine which type you need.

SOC 1

This category of report focuses on outsourced financial reporting services. It will tell a business owner about the effectiveness of their controls related to the client’s financial data. For example, a payroll company that processes bi-weekly pay stubs (QuickBooks, Gusto, etc.) will need a SOC 1 audit. Debt collectors, accounting firms, and some data centers fall under the purview of the SOC 1 as well. 

SOC 2

The SOC report applies to non-financial outsourced systems. This is the main way it differs from the SOC 1 report, which deals specifically with financial controls. An SOC 2 report will address the security, availability, processing integrity, confidentiality, and privacy of all company systems. Relevant company sectors often include Enterprise IT Outsourcing Services, Managed Security, Customer Support, Healthcare Claims Management & Processing, and FinTech Services.

SOC 3

Previously known as a SysTrust or WebTrust, the SOC 3 report is a less comprehensive SOC 2 report. An SOC 3 report will not contain descriptions of any controls or results of testing. This makes it great for marketing purposes while not as strong for addressing fundamental failures in controls. 

SOC for Cybersecurity 

As the name implies, a SOC for Cybersecurity report focuses on an organization’s enterprise-wide cybersecurity risk management program. This kind of report is becoming more popular as more services move online and the incidence of hacking rises. 

Type 1 & Type 2

SOC reports can fall into two different types. This is most common with SOC 1 and SOC 2 audits. For example, a SOC 1 audit can either be done as Type 1 or Type 2.

Type 1 audits are performed on a specified date. They only test the design of a service organization’s controls, not the operating effectiveness. Some companies use Type 1 reports as stopgaps until they can complete a full Type 2 report. 

Type 2 audits can last multiple months as an auditor observes and tests company controls. This is the most comprehensive type of report. At the end of the audit, your company will receive:

  • An opinion letter
  • Management assertion
  • A detailed description of the system or service
  • Details of the selected trust services categories
  • Tests of controls and the results of testing
  • Optional additional information.

 

Benefits of a SOC Report

A SOC report is beneficial to any company that handles outsourced services and data. In a general sense, it shows clients that you’re proactive about protecting their assets. Potential clients are more likely to work with you when they see your commitment to strong controls and operations. 

 

Here are five reasons why you should consider a SOC report.

  1. Add legitimacy to your company by demonstrating a sound operational foundation 
  2. Remain compliant with industry SOC requirements (for many companies dealing in financial and medical reporting) 
  3. Catch security breaches before they happen and avoid damaging reputation hits 
  4. Discover operational inefficiencies and boost profit margins 
  5. Display the AICPA logo on your website and marketing materials showing you’ve received an SOC report

 

Perry & Associates is here to guide you through the SOC reporting process. We will consult with you on the best kind of report for your business. Then our professional accountants will conduct the audit thoroughly and efficiently. For more information about your SOC report options, call Perry & Associates at 740.373.0056.

Form 990 Filing Extension for NFPs

Not-For-Profit Form 990 Filing Extended to July 15

 

Not-for-Profits normally must file Form 990 on or before May 15; however the filing extensions granted to individuals and taxpayers were also granted to NFPs when the IRS issued Notice 2020-23. Form 990 now has an extended filing deadline of July 15, 2020. 

 

The following returns that qualify under this extension include:

  • Form 990, Return of Organization Exempt From Income Tax
  • Form 990-T, Exempt Organization Business Income Tax Return
  • Form 990-PF, Return of Private Foundation
  • Form 4720, Return of Certain Excise Taxes under Chapters 41 and 42 of the Internal Revenue Code

 

For more information about filing six-month filing extensions for Form 990 and related questions, please contact our CPAs. 

 

As always, the IRS keeps information updated frequently on their site. Visit the IRS’s Filing and Payment Deadline Questions and Answers for updated information. 

 

The AICPA also keeps on top of general education and updates concerning the new tax changes. 

 

For an overview of the disaster relief options available to you at this time, read through our FAQs About COVID-19 SBA Disaster Loans.

CARES Act and Paycheck Protection Program

The CARES Act with Paycheck Protection Program

The Relief Package Was Approved

The Coronavirus Aid, Relief, and Economic Security (CARES) Act was signed by President Trump on Friday, March 27, 2020. There are multiple components to the relief funds that may benefit your business. A core element is the Paycheck Protection Program. In short, these are SBA loans that may be forgivable to eligible businesses and 501(C)(3) organizations that use the loans for the program’s specific guidelines. For guidance on any COVID benefit programs, please call us.

Our COVID Response Group

If you need our help, please call. We want to make sure you are maximizing all benefits, making the right choices and accounting for any funds or benefits you receive. Our group can help you with:

  • SBA Loan Application Processing
  • Comprehensive Tax Relief Evaluation Covering All Components of the CARES Act
  • Cash Flow Projections and Tracking

A Few Items to Share

  • There are multiple programs. If you select one, you may not be eligible for another.
  • The Paycheck loans will need to be processed through your financial institution. As of today, most financial institutions are working as fast as they can to get set-up to process loan requests.
  • The loan can pay for up to 8 weeks of qualified payroll. For more information on the exceptions involved, contact Perry & Associates.
  • The loan can also be used for utilities, mortgage interest, rent payments, healthcare benefits, interest on existing debt.

Let Us Help

Please contact us with questions or to discuss your specific situation. We will help you through these difficult financial decisions.

(740) 373-0056