Baker Tilly
Contact us
typing on computer

System & Organization Controls (SOC) Reporting

Baker Tilly’s dedicated AICPA SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

System & Organization Controls (SOC) Reporting

  1. Webinar
    soc readiness prepare for soc examination

    SOC readiness: What it takes to prepare for a SOC examination

  2. Webinar
    due diligence with a SOC 2 examination

    How to bolster vendor due diligence with a SOC 2

  3. Article
    common challenges key considerations SOC report

    Common challenges and key considerations when using or reviewing a SOC report

  4. Article
    Business meeting at conference table with professionals walking by

    SOC FAQ

  5. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  6. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  7. Resource
    hands working on report

    Which SOC report is right for your organization?

  8. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  9. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  10. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  11. Webinar
    Team meeting analyzing data

    SOC 2 for startups: what you need to know to be prepared for a SOC 2 audit

  12. Article
    Lights reflecting on building exterior

    Lessor issues: implementing the new leases accounting standard

  13. Webinar
    Leveraging SOC 2® reports to meet stakeholder expectations

    Leveraging SOC 2® reports to meet stakeholder expectations

  14. Multimedia
    Vascular Solutions testimonial

    System and Organization Controls (SOC) overview

  15. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  16. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  17. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  18. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  19. In the News

    Auditors plan deeper dives into outsource provider reports

  20. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  21. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  22. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  23. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  24. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  25. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  26. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  27. Webinar
    Architecture details, glass windows

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  28. Whitepaper

    ASC 606 Revenue Recognition e-book

  29. Article
    The test for goodwill impairment gets easier

    The test for goodwill impairment gets easier

  30. Article
    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

    ASC 606 (revenue recognition) transition: The role of internal control over financial reporting (ICFR) and auditor expectations

  31. Article
    string of lights

    Creating a sustainable cybersecurity management program

  32. Webinar
    ICFR for Revenue Recognition

    ICFR for Revenue Recognition

  33. Webinar
    abstract blue lights, dots

    ASC 606: Transition methods and effective dates

  34. Webinar
    Leases: How will it impact you?

    Leases: How will it impact you?

  35. Article
    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

    The ASC 606 (revenue recognition) transition: Effective dates and transition methods

  36. Article
    Two railroad tracks merge en route

    Focus on these key areas within each community bank merger and acquisition stage

  37. Article
    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

    The ASC 606 transition: Recognizing revenue as each performance obligation is satisfied

  38. Article
    ASC 606, new revenue recognition standard, may impact broker-dealers

    ASC 606, new revenue recognition standard, may impact broker-dealers

  39. Article
    The ASC 606 transition: Allocating the transaction price to separate performance obligations

    The ASC 606 transition: Allocating the transaction price to separate performance obligations

  40. Webinar
    WEBINAR: ASC 606 (revenue recognition) transition: Determining the transaction price (consideration)

    WEBINAR: ASC 606 (revenue recognition) transition: Determining the transaction price (consideration)

  41. Webinar
    Equipment leasing – Strategies, best practices, and new leasing standards

    Equipment leasing – Strategies, best practices, and new leasing standards

  42. Article
    The ASC 606 transition: Determining the transaction price

    The ASC 606 transition: Determining the transaction price

  43. Comment Letter
    Proposed ASU: statement of cash flows, restricted cash

    Proposed ASU: statement of cash flows, restricted cash

  44. Article

    OCC standards require strict oversight of third-party relationships

  45. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  46. Article
    Looking up at buildings in a city

    AICPA changes to SOC 2: what service organizations need to know

  47. Article

    Revenue recognition requirements delayed one year

  48. Article
    Transitioning to the 2013 COSO Framework

    Transitioning to the 2013 COSO Framework

  49. Article
    Lights speeding by with city buildings in the distance

    New Jersey law mandating health insurance data encryption may have broader implications

  50. Case Study
    consultant reviews financial data on mobile devices

    SOC 2 report helps international printing company drive millions in sales

  51. Article

    Regulatory noncompliance is now a financial matter

  52. Article

    Going Concern: FASB issues new standard on reporting adverse conditions and events

  53. Article
    Drone flies within city limits

    New NIST Cybersecurity Framework

  54. Article
    consultant reviews financial data on mobile devices

    Changes to the Trust Services Principles that Impact SOC 2

  55. Article
    Professionals walk and talk in transit to the next business meeting

    SOC reporting: what service organizations need to know

  56. Case Study

    Credit union relies on risk and internal audit expertise

  1. Jeff Krull

    Jeff Krull

    CPA, CISA, CITP

    Partner

  2. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Partner

  3. Garrett Gosh

    Garrett Gosh

    CPA, CITP

    Partner

  4. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  5. Andrew McCauley

    Andrew McCauley

    CPA, CISA

    Partner

  6. Greg Reda

    Gregory Reda

    Partner

  7. Bosco Yuen

    Bosco Yuen

    CPA, CISSP, CISA, CIA, CSX, CCSA, PMP

    Partner

Baker Tilly’s dedicated SOC specialists perform hundreds of SOC engagements each year and help clients with their SOC reporting needs across a wide variety of industries.

SOC reporting was developed by the AICPA as a valuable tool for organizations to demonstrate to their customers and other key stakeholders their controls are working.

Which SOC report is right for your organization?

Connect with usarrowCreated with Sketch.

With several reporting options available, it is important to identify which SOC report is right for your organization. Reporting options include the SOC 1®, SOC 2®, SOC 3®, SOC for Cybersecurity and SOC for Supply Chain.

Four steps to a SOC exam

Step 1: Understand what the end-user entities needs included in the scope of the report
Step 2: Understand what is included in the system description 
Step 3: Start your readiness assessment
Step 4: Remediate control or documentation deficiencies before the examination period begins

Find out more about what SOC is and how an organization and its customers can benefit from the reports.

Watch this video

How long does it take to perform a SOC examination?

For organizations undertaking their first SOC examination, we strongly recommend performing a SOC readiness assessment with a qualified advisor prior to starting the examination period to help position the organization for a successful examination. The time frame can vary, but typically it takes 9-14 months from the time an organization starts the readiness assessment process, through an audit period, and ultimately to having a SOC report they can provide their customers.

The flexibility you need

Baker Tilly's SOC practice uses a variety of technology tools to streamline our service delivery model and make sharing documents and requests seamless. These tools can also make it easy for our SOC clients to work remotely and share documents and evidence needed as part of the SOC process with us. Our personnel are well versed in methods for facilitating video conferences, teleconference calls and live, online document-sharing sessions to perform SOC readiness and SOC examination services as efficiently (if not more than) if we were live on-site.

In many cases, remote SOC project services can deliver the same quality service while minimizing travel expenses and space constraints that can accompany on-site work. We also work on-site with our clients when it is more productive and beneficial.  If you are considering Baker Tilly for your SOC needs, let’s discuss these options together and how they could apply in your environment. If you already use Baker Tilly for your SOC needs, please talk with your engagement team about leveraging these tools to make the SOC process as efficient and effective as possible.

Connect with usarrowCreated with Sketch.
Your team was fantastic to work with again this year. I compliment the amazing team you have an am looking forward to next year!
Senior Vice President/Chief Technology Risk Officer of a large financial institution
Article
What's changed with SOC 2?

What's changed with SOC 2?

Article
Five person meeting

Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

Webinar
Bundle of fiber optic wiring

Transitioning between System and Organization Control (SOC) reports

Article
SOC reporting: what service organizations need to know

SOC reporting: what service organizations need to know

Article
Ethernet cables

System and Organization Controls (SOC): 20 questions with Baker Tilly

Case Study
Tall electrical tower

System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company