Baker Tilly
Contact us
typing on computer

System & Organization Controls (SOC) Reporting

Baker Tilly’s dedicated AICPA SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

System & Organization Controls (SOC) Reporting

  1. Article
    Business meeting at conference table with professionals walking by

    SOC FAQ

  2. Whitepaper
    audit staff at an accounting firm

    Transparency report: how we perform quality audit engagements

  3. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  4. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  5. Resource
    hands working on report

    Which SOC report is right for your organization?

  6. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  7. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  8. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  9. Webinar
    Team meeting analyzing data

    SOC 2 for startups: what you need to know to be prepared for a SOC 2 audit

  10. Article
    Lights reflecting on building exterior

    Lessor issues: implementing the new leases accounting standard

  11. Webinar
    Blue lighting in server room

    SOC considerations through the COVID-19 lens

  12. Article
    Professional works remotely on his computer and phone

    The impact of COVID-19 on SOC

  13. Article
    Blue architecture in a city

    AICPA releases new SOC for Supply Chain reporting framework

  14. Webinar
    Leveraging SOC 2® reports to meet stakeholder expectations

    Leveraging SOC 2® reports to meet stakeholder expectations

  15. Multimedia
    Vascular Solutions testimonial

    System and Organization Controls (SOC) overview

  16. Article
    Man works remotely with phone, reports and computer

    Establishing trust with SOC reports

  17. Webinar
    Manufacturing denim in a supply chain

    Supply chain industry trends and upcoming SOC for Supply Chain report

  18. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  19. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  20. Article
    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

  21. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  22. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  23. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  24. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  25. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  26. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  27. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  28. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  29. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  30. Webinar
    Architecture details, glass windows

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  31. Article
    fiber optics, lights, technology

    Cybersecurity risk management reporting framework can provide a key component of an organization’s risk management program

  32. Whitepaper

    ASC 606 Revenue Recognition e-book

  33. Article
    Focal themes from the Super Regional P/C Insurer conference

    AICPA releases final guidance on SOC for cybersecurity

  34. Article
    The test for goodwill impairment gets easier

    The test for goodwill impairment gets easier

  35. Article
    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

  36. Article
    string of lights

    Creating a sustainable cybersecurity management program

  37. Webinar
    ICFR for Revenue Recognition

    ICFR for Revenue Recognition

  38. Webinar
    ASC 606: Transition methods and effective dates

    ASC 606: Transition methods and effective dates

  39. Webinar
    Leases: How will it impact you?

    Leases: How will it impact you?

  40. Article
    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

  41. Article
    People walk on curved walkway between buildings

    AICPA proposes cybersecurity attest engagement

  42. Article
    Two railroad tracks merge en route

    Focus on these key areas within each community bank merger and acquisition stage

  43. Article
    FASB revises credit loss reporting rules for financial institutions

    FASB revises credit loss reporting rules for financial institutions

  44. Article
    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

  45. Article
    ASC 606, new revenue recognition standard, may impact broker-dealers

    ASC 606, new revenue recognition standard, may impact broker-dealers

  46. Article
    The ASC 606 transition: Allocating the transaction price to separate performance obligations

    The ASC 606 transition: Allocating the transaction price to separate performance obligations

  47. Webinar
    WEBINAR: ASC 606 (revenue recognition) transition: Determining the transaction price (consideration)

    WEBINAR: ASC 606 (revenue recognition) transition: Determining the transaction price (consideration)

  48. Webinar
    Equipment leasing – Strategies, best practices, and new leasing standards

    Equipment leasing – Strategies, best practices, and new leasing standards

  49. Article
    The ASC 606 transition: Determining the transaction price

    The ASC 606 transition: Determining the transaction price

  50. Comment Letter
    Proposed ASU: statement of cash flows, restricted cash

    Proposed ASU: statement of cash flows, restricted cash

  51. Article

    OCC standards require strict oversight of third-party relationships

  52. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  53. Article

    AICPA changes to SOC 2: what service organizations need to know

  54. Article
    Conference room in advance of board meeting

    Vendor management and the importance of System and Organization Controls (SOC) report reviews

  55. Article

    Revenue recognition requirements delayed one year

  56. Article
    Stack of reports

    Proposed revisions to the Trust Services Principles and Criteria are available for comment

  57. Article
    Transitioning to the 2013 COSO Framework

    Transitioning to the 2013 COSO Framework

  58. Comment Letter
    Baker Tilly Comment Letter to the FAF on the PCC

    Baker Tilly Comment Letter to the FAF on the PCC

  59. Article
    city skyline

    AICPA issues guidance on new mortality tables for nongovernmental employee benefit plans

  60. Article

    New Jersey law mandating health insurance data encryption may have broader implications

  61. Article
    Conference room in advance of board meeting

    Recent news insight: Morgan Stanley and the importance of quality internal controls

  62. Webinar

    Understanding your IT risks, security and vendor management webinar

  63. Case Study
    consultant reviews financial data on mobile devices

    SOC 2 report helps international printing company drive millions in sales

  64. Comment Letter

    Baker Tilly Comment Letter to the AICPA on the Enhancing Audit Quality Initiative

  65. Article

    Regulatory noncompliance is now a financial matter

  66. Article
    city skyline

    Cybersecurity: stay ahead of an evolving landscape

  67. Article

    Going Concern: FASB issues new standard on reporting adverse conditions and events

  68. Article
    Hikers climb a rocky path

    Cybersecurity: steps to take now

  69. Article
    consultant reviews financial data on mobile devices

    Changes to the Trust Services Principles that Impact SOC 2

  70. Article
    Team reviews data analytics for organization

    Managing risk for third party relationships: Office of the Comptroller guidance

  71. Article
    Professionals walk and talk in transit to the next business meeting

    SOC reporting: what service organizations need to know

  72. Article

    New NIST Cybersecurity Framework

  73. Case Study

    Credit union relies on risk and internal audit expertise

  74. Comment Letter

    Baker Tilly Comment Letter to the AICPA on the Proposed Revision of Trust Services Principles and Criteria

  1. Jeff Krull

    Jeff Krull

    CPA, CISA

    Partner

  2. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Partner

  3. Garrett Gosh

    Garrett Gosh

    CPA, CITP

    Partner

  4. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  5. Greg Reda

    Gregory Reda

    Partner

  6. Atit Shah

    Atit Shah

    CISA

    Principal

Baker Tilly’s dedicated SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

SOC reporting was developed by the AICPA as a valuable tool for organizations to demonstrate to their customers and other key stakeholders their controls are working.

Which SOC report is right for your organization?

Connect with usarrowCreated with Sketch.

With several reporting options available, it is important to identify which SOC report is right for your organization. Reporting options include the SOC 1®, SOC 2®, SOC 3®, SOC for Cybersecurity and SOC for Supply Chain.

Four steps to a SOC exam

Step 1: Understand what the end-user entities needs included in the scope of the report
Step 2: Understand what is included in the system description 
Step 3: Start your readiness assessment
Step 4: Remediate control or documentation deficiencies before the examination period begins

Find out more about what SOC is and how an organization and its customers can benefit from the reports.

Watch this video

How long does it take to perform a SOC examination?

For organizations undertaking their first SOC examination, we strongly recommend performing a SOC readiness assessment with a qualified advisor prior to starting the examination period to help position the organization for a successful examination. The time frame can vary, but typically it takes 9-14 months from the time an organization starts the readiness assessment process, through an audit period, and ultimately to having a SOC report they can provide their customers.

The flexibility you need

Baker Tilly's SOC practice uses a variety of technology tools to streamline our service delivery model and make sharing documents and requests seamless. These tools can also make it easy for our SOC clients to work remotely and share documents and evidence needed as part of the SOC process with us. Our personnel are well versed in methods for facilitating video conferences, teleconference calls and live, online document-sharing sessions to perform SOC readiness and SOC examination services as efficiently (if not more than) if we were live on-site.

In many cases, remote SOC project services can deliver the same quality service while minimizing travel expenses and space constraints that can accompany on-site work. We also work on-site with our clients when it is more productive and beneficial.  If you are considering Baker Tilly for your SOC needs, let’s discuss these options together and how they could apply in your environment. If you already use Baker Tilly for your SOC needs, please talk with your engagement team about leveraging these tools to make the SOC process as efficient and effective as possible.

Connect with usarrowCreated with Sketch.
Your team was fantastic to work with again this year. I compliment the amazing team you have an am looking forward to next year!
Senior Vice President/Chief Technology Risk Officer of a large financial institution
Article
What's changed with SOC 2?

What's changed with SOC 2?

Article
Conference room in advance of board meeting

Vendor management and the importance of System and Organization Controls (SOC) report reviews

Article
Five person meeting

Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

Webinar
Bundle of fiber optic wiring

Transitioning between System and Organization Control (SOC) reports

Article
SOC reporting: what service organizations need to know

SOC reporting: what service organizations need to know

Article
Ethernet cables

System and Organization Controls (SOC): 20 questions with Baker Tilly

Case Study
Tall electrical tower

System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company