Internal Audit (IA) and Governance, Risk, and Compliance (GRC) professionals are often charged with reading SOC reports from service providers to gain an understanding of each vendor’s controls, but many may not know how you can also use these reports to also enhance, mature, and drive their own audit and governance functions.
Though the timeline of a completed report varies greatly based on numerous factors within your organization, a SOC 1 examination generally always moves through the same three phases of planning and preparation, fieldwork, and reporting stages.
Now that artificial intelligence (AI) has more fully engrained itself into the digital world and economy, it makes sense that the American Institute of Certified Public Accountants (AICPA)—as the organization that sets the most recognized auditing standards in the U.S.—would have an opinion on AI use, particularly in terms of the possibility of related SOC-compliance issues.
While in school, did you ever have a professor that would sneakily test on obscure materials? You could read the textbooks, but that material you assumed would be the bulk of an exam wasn’t mentioned—instead, your test questions were focused on the footnotes or some other material you weren’t aware of or clearly alerted to review beforehand.
“What am I looking at here?” Tony Montana asks George Sheffield that question during the classic gangster film Scarface after being arrested for tax evasion. Theoretically, Tony knows what he’s up against, but he wants his lawyer to be specific and explicit, so he knows exactly.
Prolific and unique musician MF Doom once said, “I'm always trying to show versatility. I'm juggling, and I'm flipping fire, and I'm chewing gum and rhyming at the same time... on a unicycle, while playing the drums.”
If you’ve ever skied before, you might know that anything can happen on a mountain. It might be your first time on the slopes or you might have traversed a certain run hundreds of times, but all it takes is a little loose powder, a wayward stick, or even another skier in your way to have you eating snow and nursing bruises.
These days, blockchain providers find themselves in an interesting position—you have a revolutionary service to offer, but the market is still coming around to it. You need a way to validate your product so they will. Luckily, there is something you can do—you can take the initiative to acquire a SOC report.