By: AVANI DESAI on January 31st, 2013

HR and Payroll Service Providers Benefit from Attestation and Compliance Reports

SOC 2 | SOC Reports | BrightLine | SOC 1

Source - Workforce Management Channel

Today’s business environment is compliance heavy, under continuous scrutiny, and intertwined with customer and legislative requirements. Companies must nonetheless ensure compliance with a myriad of standards, requirements, laws, and regulations, such as SSAE 16 Examination (SOC 1), SOC 2/3 Examination, ISO Certification, FedRAMP Assessment, and hundreds more, across all areas of governance and programs.

As a human resource or payroll service provider, or a provider of any workforce management solution, you must reassure customers about the security and integrity of their data stored within your environment. Being able to deliver a level of comfort to customers around financial, corporate, and personal information is the foundation of information security compliance and can be a significant differentiator from competitors.

That said, the compliance method highlighted here is the SSAE 16 examination, also referred to as a Service Organization Control (SOC 1) report. The SOC 1 report is an internationally accepted third party attestation report that is specifically designed for service organizations. A SOC 1 report provides service organizations and customers with a benchmark to compare internal controls and processes to industry standards. SOC 1 examinations are performed when the provider’s services are relevant to their customers’ internal controls over financial reporting. For human resource and payroll service providers, the report would include both information technology controls and transactional controls, for example, to help ensure that records are complete and accurate in recording account balances.

There are two types of SOC 1 reports. The service organization is responsible for specifying whether a “Type 1” or “Type 2” examination will be performed. A “Type 1” SOC 1 examination is performed when management requires a report on the fairness of presentation of the service organization’s internal controls over financial reporting and the suitability of the design of controls as of a specified date. A “Type 2” SOC 1 examination is performed when management requires a report on the fairness of presentation of the service organization’s internal controls over financial reporting and the suitability of the design and operating effectiveness of controls over a period of time, typically six months.

Service providers going through the examination process for the first time may opt to perform a readiness assessment, which simulates a SOC 1 examination. The readiness assessment identifies the controls that are believed to be in place and operating effectively for each applicable objective, and identifies relevant controls that are either not in place, or that are believed to be in place but are judged to be ineffective.

Your company may decide to go down the path of a SOC 1 report based on a request or a contract; however, don’t let that cloud your view of the several key benefits of obtaining the report:

  • Build trust and confidence with current and potential customers
  • Attain independent, third party assessment of controls
  • Provide a single examination to fulfill multiple customer requests
  • Obtain confirmation that controls in place are as management expects
  • Increase market share

We have seen the requests for human resource and payroll service providers to obtain a SOC 1 report increase with the heightened awareness of outsourcing risks, internal controls, data security incidents, regulatory compliance, and contractual obligations. Corporate governance boards and even shareholders want to see third party assurance over companies’ outsourced operations because of the inherent risk of outsourcing business functionality. The most efficient way to give comfort to customers is providing a third party assurance report. As such, many organizations have found it to be worthwhile to complete a SOC 1 examination before customers require it.

 

About AVANI DESAI

Avani Desai is the President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine, she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not-for-profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female-only venture philanthropic fund to solve problems related to women and children in the community.