SOC Reports

Provide assurance around your financial and data controls.

Service organizations can create significant efficiencies and advantages for their clients. But they can also be a source of risk – data risk, operational risk, audit and compliance risk, privacy risk and more.

That’s why many outsourcing companies, as part of their due diligence, will seek assurance that a vendor’s controls and processes are built around best practices that will meet their compliance needs. A System and Organization Controls (SOC) report for service organizations can provide such assurance.

Using attestation standards developed by the American Institute of Certified Public Accountants, experienced LWBJ professionals produce SOC reports and accompanying opinions that help satisfy client due diligence needs. The process, itself, can provide valuable insights to help improve both the security and operating efficiency of a service organization’s business.

There are a number of factors to consider in determining the most appropriate SOC framework and options for your organization, as well as how to get started.

For more information, email

SOC Readiness Assessment: A Valuable First Step
It takes significant time and resources to conduct a SOC examination. And without adequate preparation, the results can fall short of your client companies’ expectations.

The LWBJ team can provide an independent assessment of your level of preparedness. The assessment will not only help assure that you’re prepared for a successful examination, it can often identify areas for valuable improvement in your business.

SOC 1 Report: Financial Reporting Controls & Compliance
Clients need to understand how your process controls might affect their own internal controls over financial reporting. They need to be sure that your controls are working as promised and that the data flowing into their financial statements is accurate and complete.

An independent SOC 1 report can assure that these due diligence requirements will be met. It builds trust and confidence among your clients, while helping you lay the foundation for strong, growing client relationships.

SOC 2 Report: Data Security & Operational Controls
Is your organization secure? Can you prove it? The SOC 2 report focuses on your non-financial reporting controls, as they relate to security, availability, processing integrity, confidentiality or privacy. It assures that you’re securely managing data to protect the interests of your client companies and their customers.

SOC 2 reports can play an important role in your client companies’ vendor management programs, corporate governance and risk management processes, and regulatory oversight.

SOC 3 Report: Simple Assurance around the Trust Services Criteria
This is a simplified version of the SOC 2 report that can be used in marketing your organization’s services.

It provides assurance related to your controls over security, availability, processing integrity, confidentiality or privacy, but it does not include the details provided as part of a SOC 2 report.

Partners & Key Associates

Maureen Dockstader, CPA


Mike DeKock, CPA

Stacie Grimm, CPA