Issuance of SOC report (Assurance for Internal Control)
With the widespread usage of cloud services, applications such as payroll and financial accounting services have become common. In this environment, if troubles occur within the service provider company, it could result in a loss of trust and significantly damage business operations of service users. Therefore, it is natural for users to want to minimize the risk of such troubles when selecting a provider.
However, even if the work is outsourced and the application is provided by external vendor, the responsibility for internal control lies with customer, who is the service user. Consequently, it may be necessary to evaluate the effectiveness of internal controls within the service-providing company. Therefore, the “SOC (System and Organization Controls) report” is required to assure the appropriateness of control procedures for the related stakeholders.
The SOC report is issued by third-party organizations such as auditing firms. It indicates evaluation of internal controls in the outsourced company or effectiveness of IT processing control installed in the service provider.
Our advantageous points
If you are a listed entity, it would be better to ask a statutory auditor for issuance of the SOC report. Because it is efficient for the auditor to conduct audit procedures for the financial statements and internal control simultaneously.
However, for a non-listed entities requested to submit a SOC report by overseas clients, obtaining third-party assurance for its system’s internal controls would be pretty tough because it does not get audited normally. We perform audit services upon request from overseas clients and handle a wide range of assurance for internal control or IT processing from relatively SME contractors to large-sized providers. And then, we also issue SOC reports in English.
Example of the company encouraged to reach out
Non-listed service providers requested to submit SOC reports by a big firm
Service providers required to submit SOC reports upon request from a foreign entity
Service providers seeking issuance of a SOC report in English