Baker Tilly
Contact us
typing on computer

System & Organization Controls (SOC) Reporting

Baker Tilly’s dedicated AICPA SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

System & Organization Controls (SOC) Reporting

  1. Webinar
    due diligence with a SOC 2 examination

    How to bolster vendor due diligence with a SOC 2

  2. Article
    common challenges key considerations SOC report

    Common challenges and key considerations when using or reviewing a SOC report

  3. Article
    Business meeting at conference table with professionals walking by

    SOC FAQ

  4. Whitepaper
    audit staff at an accounting firm

    Transparency report: how we perform quality audit engagements

  5. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  6. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  7. Resource
    hands working on report

    Which SOC report is right for your organization?

  8. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  9. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  10. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  11. Webinar
    Team meeting analyzing data

    SOC 2 for startups: what you need to know to be prepared for a SOC 2 audit

  12. Article
    Lights reflecting on building exterior

    Lessor issues: implementing the new leases accounting standard

  13. Webinar
    Blue lighting in server room

    SOC considerations through the COVID-19 lens

  14. Article
    Professional works remotely on his computer and phone

    The impact of COVID-19 on SOC

  15. Article
    Blue architecture in a city

    AICPA releases new SOC for Supply Chain reporting framework

  16. Webinar
    Leveraging SOC 2® reports to meet stakeholder expectations

    Leveraging SOC 2® reports to meet stakeholder expectations

  17. Multimedia
    Vascular Solutions testimonial

    System and Organization Controls (SOC) overview

  18. Article
    Man works remotely with phone, reports and computer

    Establishing trust with SOC reports

  19. Webinar
    Manufacturing denim in a supply chain

    Supply chain industry trends and upcoming SOC for Supply Chain report

  20. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  21. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  22. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  23. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  24. In the News

    Auditors plan deeper dives into outsource provider reports

  25. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  26. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  27. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  28. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  29. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  30. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  31. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  32. Webinar
    Architecture details, glass windows

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  33. Article
    fiber optics, lights, technology

    Cybersecurity risk management reporting framework can provide a key component of an organization’s risk management program

  34. Whitepaper

    ASC 606 Revenue Recognition e-book

  35. Article
    Focal themes from the Super Regional P/C Insurer conference

    AICPA releases final guidance on SOC for cybersecurity

  36. Article
    The test for goodwill impairment gets easier

    The test for goodwill impairment gets easier

  37. Article
    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

  38. Article
    string of lights

    Creating a sustainable cybersecurity management program

  39. Webinar
    ICFR for Revenue Recognition

    ICFR for Revenue Recognition

  40. Webinar
    abstract blue lights, dots

    ASC 606: Transition methods and effective dates

  41. Webinar
    Leases: How will it impact you?

    Leases: How will it impact you?

  42. Article
    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

  43. Article
    People walk on curved walkway between buildings

    AICPA proposes cybersecurity attest engagement

  44. Article
    Two railroad tracks merge en route

    Focus on these key areas within each community bank merger and acquisition stage

  45. Article
    FASB revises credit loss reporting rules for financial institutions

    FASB revises credit loss reporting rules for financial institutions

  46. Article
    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

  47. Article
    ASC 606, new revenue recognition standard, may impact broker-dealers

    ASC 606, new revenue recognition standard, may impact broker-dealers

  48. Article
    The ASC 606 transition: Allocating the transaction price to separate performance obligations

    The ASC 606 transition: Allocating the transaction price to separate performance obligations

  49. Webinar
    WEBINAR: ASC 606 (revenue recognition) transition: Determining the transaction price (consideration)

    WEBINAR: ASC 606 (revenue recognition) transition: Determining the transaction price (consideration)

  50. Webinar
    Equipment leasing – Strategies, best practices, and new leasing standards

    Equipment leasing – Strategies, best practices, and new leasing standards

  51. Article
    The ASC 606 transition: Determining the transaction price

    The ASC 606 transition: Determining the transaction price

  52. Comment Letter
    Proposed ASU: statement of cash flows, restricted cash

    Proposed ASU: statement of cash flows, restricted cash

  53. Article

    OCC standards require strict oversight of third-party relationships

  54. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  55. Article
    Looking up at buildings in a city

    AICPA changes to SOC 2: what service organizations need to know

  56. Article

    Revenue recognition requirements delayed one year

  57. Article
    Stack of reports

    Proposed revisions to the Trust Services Principles and Criteria are available for comment

  58. Article
    Transitioning to the 2013 COSO Framework

    Transitioning to the 2013 COSO Framework

  59. Comment Letter
    Baker Tilly Comment Letter to the FAF on the PCC

    Baker Tilly Comment Letter to the FAF on the PCC

  60. Article
    city skyline

    AICPA issues guidance on new mortality tables for nongovernmental employee benefit plans

  61. Article
    Lights speeding by with city buildings in the distance

    New Jersey law mandating health insurance data encryption may have broader implications

  62. Article
    Conference room in advance of board meeting

    Recent news insight: Morgan Stanley and the importance of quality internal controls

  63. Webinar

    Understanding your IT risks, security and vendor management webinar

  64. Case Study
    consultant reviews financial data on mobile devices

    SOC 2 report helps international printing company drive millions in sales

  65. Comment Letter

    Baker Tilly Comment Letter to the AICPA on the Enhancing Audit Quality Initiative

  66. Article

    Regulatory noncompliance is now a financial matter

  67. Article
    city skyline

    Cybersecurity: stay ahead of an evolving landscape

  68. Article

    Going Concern: FASB issues new standard on reporting adverse conditions and events

  69. Article
    Hikers climb a rocky path

    Cybersecurity: steps to take now

  70. Article
    Drone flies within city limits

    New NIST Cybersecurity Framework

  71. Article
    consultant reviews financial data on mobile devices

    Changes to the Trust Services Principles that Impact SOC 2

  72. Article
    Team reviews data analytics for organization

    Managing risk for third party relationships: Office of the Comptroller guidance

  73. Article
    Professionals walk and talk in transit to the next business meeting

    SOC reporting: what service organizations need to know

  74. Case Study

    Credit union relies on risk and internal audit expertise

  75. Comment Letter

    Baker Tilly Comment Letter to the AICPA on the Proposed Revision of Trust Services Principles and Criteria

  1. Jeff Krull

    Jeff Krull

    CPA, CISA, CITP

    Partner

  2. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Partner

  3. Garrett Gosh

    Garrett Gosh

    CPA, CITP

    Partner

  4. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  5. Andrew McCauley

    Andrew McCauley

    CPA, CISA

    Partner

  6. Greg Reda

    Gregory Reda

    Partner

  7. Bosco Yuen

    Bosco Yuen

    CPA, CISSP, CISA, CIA, CSX, CCSA, PMP

    Partner

Baker Tilly’s dedicated SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

SOC reporting was developed by the AICPA as a valuable tool for organizations to demonstrate to their customers and other key stakeholders their controls are working.

Which SOC report is right for your organization?

Connect with usarrowCreated with Sketch.

With several reporting options available, it is important to identify which SOC report is right for your organization. Reporting options include the SOC 1®, SOC 2®, SOC 3®, SOC for Cybersecurity and SOC for Supply Chain.

Four steps to a SOC exam

Step 1: Understand what the end-user entities needs included in the scope of the report
Step 2: Understand what is included in the system description 
Step 3: Start your readiness assessment
Step 4: Remediate control or documentation deficiencies before the examination period begins

Find out more about what SOC is and how an organization and its customers can benefit from the reports.

Watch this video

How long does it take to perform a SOC examination?

For organizations undertaking their first SOC examination, we strongly recommend performing a SOC readiness assessment with a qualified advisor prior to starting the examination period to help position the organization for a successful examination. The time frame can vary, but typically it takes 9-14 months from the time an organization starts the readiness assessment process, through an audit period, and ultimately to having a SOC report they can provide their customers.

The flexibility you need

Baker Tilly's SOC practice uses a variety of technology tools to streamline our service delivery model and make sharing documents and requests seamless. These tools can also make it easy for our SOC clients to work remotely and share documents and evidence needed as part of the SOC process with us. Our personnel are well versed in methods for facilitating video conferences, teleconference calls and live, online document-sharing sessions to perform SOC readiness and SOC examination services as efficiently (if not more than) if we were live on-site.

In many cases, remote SOC project services can deliver the same quality service while minimizing travel expenses and space constraints that can accompany on-site work. We also work on-site with our clients when it is more productive and beneficial.  If you are considering Baker Tilly for your SOC needs, let’s discuss these options together and how they could apply in your environment. If you already use Baker Tilly for your SOC needs, please talk with your engagement team about leveraging these tools to make the SOC process as efficient and effective as possible.

Connect with usarrowCreated with Sketch.
Your team was fantastic to work with again this year. I compliment the amazing team you have an am looking forward to next year!
Senior Vice President/Chief Technology Risk Officer of a large financial institution
Article
What's changed with SOC 2?

What's changed with SOC 2?

Article
Five person meeting

Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

Webinar
Bundle of fiber optic wiring

Transitioning between System and Organization Control (SOC) reports

Article
SOC reporting: what service organizations need to know

SOC reporting: what service organizations need to know

Article
Ethernet cables

System and Organization Controls (SOC): 20 questions with Baker Tilly

Case Study
Tall electrical tower

System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company