SOC Audits

Many service organizations depend on the integrity of their control environment to serve and protect their customers and business. Such services have been provided to clients in a number of industries, including application service providers, managed services companies, colocation facilities, network service bureaus, financial institutions, data processing centers, bank trust departments, credit unions, collections agencies, benefit plan administrators, third-party administrators, investment managers, hedge fund accounting services, payroll service bureaus, lockbox operations, and document solution providers.

Moss Adams provides high-quality verification of these control environments through SOC examinations. Engagements of this nature report on the effectiveness of the controls and safeguards in place, providing you with feedback that’s both independent and actionable. Our approach to staffing these audits is to combine industry-focused and seasoned auditors with operational and IT auditors capable of addressing your unique control environment requirements.

Related to our SOC service portfolio, we have extensive experience that includes:

  • SOC pre-audit gap analysis and readiness assessments
  • Coordination among management, user entities, and auditors
  • Coaching and review of client-prepared control objectives and narratives
  • Independent assistance to document client-defined control objectives and narratives
  • SOC 1, SOC 2, and SOC 3 examinations (both Type 1 and 2 audits)
  • SOC 2+ audits, including HIPAA, HITRUST, and the Gramm-Leach-Bliley Act  
  • SOC for Cybersecurity 
  • Dual reporting under AICPA attestation standards and ISAE 3402 for clients involved in international markets
  • Aligning SOC 2 and SOC 3 audits to leverage the Cloud Security Alliance Cloud Control Matrix
  • Conversion from 2014 to 2016 Trust Services Principles and the 2017 Trust Services Criteria for SOC 2 and SOC 3 audits
  • Compliance management by converging SOC, HIPAA, PCI DSS, ISO 27001, and other regulatory requirements
  • Implementation of SSAE No. 18 requirements

In addition, Moss Adams regularly provides thought leadership involving SOC audits. We sit on the AICPA Assurance Services Executive Committee (ASEC); serve on the ASEC Trust/Information Integrity Task Force, which helps update Trust Services Principles and Criteria; and participate in the development of SOC audit guides. We also frequently speak at national conferences on the topic of SOC auditing.


SOC Webcast Series

Learn more about the purpose of a SOC examination in our SOC Webcast Series. Our on-demand webcasts cover which report type is right for your business, how to prepare for the examination, and more.


Primary Contact