© Scott S. Perry, CPA, PLLC.

SOC AUDIT methodology

The following diagram shows services that Scott S. Perry CPA, PLLC can deliver for your Service Organization within all phases of its life-cycle

OPERATIONAL

MATURE

STARTUP

PRE-STARTUP

EDUCATE
PRE-AUDIT
REMEDIATE
SOC 1 or 2 TYPE 1 AUDIT
SOC 1 or 2 TYPE 2 AUDIT
OPTIMIZE
Service Organization Life-Cycle Compliance Services

Creating an Auditable Control Structure

Interview Key Players

Improve Technical Infrastructure

Assess Operations Against SSAE 16 or TSP 100

Assess Operations Against SSAE 16 or TSP 100
Tune Offerings

Control Requirements

Review Documents

Generate Policies / Procedures

Interview Key Players
Interview Key Players
Automate Controls

SOC Type Consultation

Observe Operations

Assess & Recommend Vendors

Review Documents
Review Documents
Refine Processes
Governance Establishment

Assess Risk

Segregate Duties

Observe Operations
Observe Operations
Implement Toolsets

Best Practices Comparison

Develop Governance Practices

Attest at Point of Time
Attest Over Period of Time
Create Feedback Loops


Service organization control (SOC) audits 

The following chart shows just some of the approaches that Scott S. Perry CPA, PLLC uses in all phases of a typical SOC audit.