Conrad LLP
  • Home
  • About Us
  • Services
    • Construction Costs
    • Financial & Performance Audits
    • Grant & Contract Audits
    • Incurred Costs Audits
    • Indirect Cost Rates
    • Non-Appropriated Funds
    • Investment Manager Compliance
    • SOC / SSAE 16 Examinations
  • Industries
    • Government
    • Healthcare
    • Pension Funds
    • Real Estate
    • Transportation
  • Careers
  • Contracting
  • Contact Us

SOC / SSAE 16 Examinations

More and more companies are outsourcing certain functions to service organizations. With that comes risk. Service organizations are being asked to provide assurances to their customers that their controls over financial reporting, IT security, availability, processing integrity, confidentiality, or privacy are adequate. SOC audit reports can meet these demands, as well as be an effective marketing tool to differentiate your service organization from competitors, attract new clients, and strengthen existing client relationships.
Picture
SOC 1 Reports (formerly SAS 70s) are for your customer’s financial reporting purposes. The audits usually cover Information Security, IT Change Control, IT Operations, and Business Processes that are relevant to the outsourced process.

SOC 2 and SOC 3 Reports are for both you and your customer’s compliance needs, marketing purposes, and management’s piece of mind. The audits can cover Security, Availability, Processing Integrity, Confidentiality, or Privacy. The audits can also be tailored to cover compliance requirements such as Graham Leach Bliley Act, HIPAA, PCI, Privacy, Cloud Security Alliance Controls, ISO frameworks, and more.

Conrad LLP can perform SOC / SSAE 16 examinations for the following service organizations:
  • Application Service Providers
  • Claims Administrators
  • Data Centers
  • Third Party Administrators
  • Payroll Providers
  • Trust Departments
  • Web Hosting Providers
  • Cloud Computing
  • Customer Support
  • Managed Networks and Computing Systems
  • IT Outsourcing
  • Health Care Claims Management
  • and more

Three levels of SOC Audit Services


Readiness Assessment
A Readiness Assessment is designed to assess a service organization’s preparedness for a Type II audit by identifying internal controls that should be implemented or improved prior to an audit being performed.

Type I Audit
A Type I audit reports on management’s description of a service organization’s system and the suitability of design of controls. A Type I report is generally used if 1) the service organization needs a report in a short period of time (e.g., fulfill to an RFP), 2) it is the service organization’s first time going through the audit process, or 3) the service organization’s customers do not require an audit and therefore is using for marketing purposes.

Type II Audit
A Type II audit reports on management’s description of a service organization’s system and the suitability of design and operating effectiveness of controls. A Type II audit is the preferred report for service organizations as it generally satisfies its user organization auditor’s requirements.

Quick Links

About Us
Services
Industries
Careers
Contracting

Contact Us

23161 Lake Center Drive, Suite 200
Lake Forest, CA 92630
P: 949.552.7700
Contact Form
Secure File Transfer
© COPYRIGHT CONRAD LLP 2022. ALL RIGHTS RESERVED.