« A Look Inside the Business of American Indian Gaming | Main | How CPAs Can Manage Vendors and Still Focus on Their Core Business »

Before Your Clients Run to the Cloud, Remember SOC

Service-organization-control-markYou keep hearing about “the cloud.” You have read articles and attended conference sessions encouraging the use of cloud services. It is clear that the cloud is increasingly becoming a part of our business processes and solutions. Your clients are starting to clue in. This is for good reason. The cloud may enable them to reduce costs, better use their resources and perform more efficiently.

As your clients seek cloud services, how are you advising them?

Your clients should understand the importance of Service Organization Control reports. It is essential that they have trust in their cloud service providers and are assured that their information is being protected by the necessary security, availability, processing integrity, confidentiality, privacy controls and/or internal controls over financial reporting.

Before engaging a service organization, your clients should make sure the provider has SOC reports available. These reports provide your clients’ management with the information needed about the service organization’s controls to help assess and address the risks associated with outsourced services.

Have you considered expanding your practice with SOC engagements?

As CPAs, we not only advise clients about going to the cloud, we also evaluate those cloud service providers. CPAs issue SOC reports, which provide users of cloud services with important risk management information regarding the cloud service provider’s controls.

My firm has had a great deal of success performing SOC engagements. These engagements can provide your firm the ability to:

  1. Broaden your client base with a practice area that is year-round.
  2. Demonstrate innovation, which in turn will distinguish your firm from other firms in your area.
  3. Attract new technologically savvy talent.
  4. Increase variety in your staff’s work by offering a wide array of provided services.

Since you are the trusted business adviser to clients seeking or curious about cloud services, why not turn to SOC engagements? This niche area is rife with opportunity and may give your firm a competitive advantage. To learn more about SOC engagements, including the recently revised AICPA Trust Services Principles and Criteria, visit aicpa.org/SOC. For information on SOC School and SOC related products, visit the AICPA Store's SOC webpage. Additionally, the AICPA has created a free toolkit for CPA firms, a free toolkit for service organizations, and a free educational webpage for users.

Audrey Katcher, CPA, CITP, Risk Services Partner and Cloud Assurance Advisor, RubinBrown LLPAudrey provides internal and cloud control consulting and SOC services. She serves on the AICPA Information Management and Technology Assurance Committee, the SOC subcommittee, the AICPA Data Integrity Task Force and the Cloud Security Alliance.


Comments are moderated. Please review our Comment Policy before posting.


Subscribe in a reader

Enter your Email:

CPA Letter Daily