System and Organization Controls (SOC) Reports


Give your customers confidence in your services by obtaining a System and Organization Controls (SOC) Report that demonstrates your organization’s strength.


In an unpredictable economy, all organizations—especially those that are service based—need to demonstrate that they have control of information passing through their organization. Having strong internal controls over processes is essential to customers who are relying on your services, and obtaining a SOC report will offer that confidence to not only your customers, but all of your stakeholders as well.

When you trust Sikich to perform a SOC engagement, you will receive a report to relay information to your customers and demonstrate your commitment to internal controls and effective operations.

In the highly regulated environment of employee benefits, you, as a plan sponsor, must have confidence in your employee benefit plan audit – and auditors.

Learn More

Maintain compliance with the United States Department of Education, Student Financial Aid and other governmental regulatory requirements with our Title IV audit expertise.

Learn More

From reviews and compilations to single audits and agreed upon procedures, Sikich can help your organization meet your financial reporting needs.

Learn More

Regardless of the nature of your operations, nearly all organizations have to implement the new and complex lease accounting standards – which will dramatically change how you account for some leases. Are you ready?

Learn More

As a banker, it is your responsibility to lend with knowledge and confidence. To best protect your assets, first, you must understand your investment. A field exam, or objective evaluation of collateral through a disciplined process of risk assessment, can help solidify your lending practices.

Learn More

Service Overview SOC Reports


Service auditor reporting has evolved in recent years into a framework of three System and Organization Controls (SOC®) reports. This change provides service organizations the opportunity to select the most appropriate reporting option for their customers, depending on their specific needs. In general, the new service auditor reporting framework is focused as follows:

A SOC 1® examination is focused on the controls related to financial statement reporting. Companies that have outsourced critical functions that impact financial reporting need to assess controls over outsourced functions in the same manner as if activities were performed in-house; therefore, they typically require a SOC 1® report. Management of the service organization is required to provide a “written assertion” for inclusion in the report.

The SOC 2® report has been designed to address controls other than those relevant to financial reporting; this report is often most appropriate for technology and cloud service providers. This audit is governed by a set of Trust Services Principles and Criteria that include Security, Availability, Processing Integrity, Confidentiality or Privacy. This is a restricted-use report, intended for management, customers, and their financial auditors.

The SOC 3® report covers the same subject matter as SOC 2® (i.e., the Trust Services Principles and Criteria), but provides a simple, publicly available report as the final deliverable.


Have your customers requested independent, third-party verification of your internal control environment or access to your facility to perform audit procedures? Or are you looking into a report for competitive reasons? No matter the reasoning, Sikich can help your team navigate the reporting options and determine the best fit for your organization.