Meet your evolving needs with three integrated business lines in one professional services firm.

Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.

Service Organization Controls (SOC) Examinations

Two Businessmen Analyzing Data

Feel confident that your internal controls are adequate, effective, and in compliance.

A SOC engagement provides assurance to client user organizations that controls have been suitably designed based on services provided, types of data processed, and the overall operating environment.

What's on your mind?

  • Systems associated with service delivery are secure, available as committed, and maintain privacy and confidentiality of data
  • Data is protected based on appropriate administrative, technical, and physical controls
  • Internal controls are adequate and effective to ensure processing integrity
  • Demonstrate compliance with applicable regulatory requirements including:
    • Security rule of HIPAA and HITECH Act
    • Section 404 of the Sarbanes Oxley Act of 2002 (SOX 404)
    • FISMA (Federal Information Security Management Act)

A unique approach 

Organizations that depend on external business partners to perform a segment of service delivery are becoming more diligent in evaluating the service provider’s internal control environment. A SOC1 or SOC2 (SSAE16) examination (formerly known as SAS 70) can provide that assurance.

From the initial readiness phase to final control testing and reporting, our professionals will collaborate with service organization personnel to recommend ways to strengthen the control environment and prepare for an attestation examination.

CLA has the industry, accounting, audit, security, and technology management knowledge to assess internal controls and security measures and determine if business goals and service delivery may be at risk.

We have significant experience evaluating technical infrastructure controls applicable to networks, servers, workstations, and other devices as well as application system(s) and underlying database(s) that maintain client data. We also analyze controls related to the physical environment and organization management for design and effectiveness.

Service organization controls (SOC) examination services

Whether this is your first pursuit of an assurance engagement or your service organization is looking to change service auditors, CLA can help by:

  • Determining if SOC1 or SOC2 is most appropriate to satisfy the needs of user organizations
  • Assessing design of controls to meet control objectives or principles
  • Providing recommendations to remediate control gaps
  • Documenting the system description
  • Performing tests of controls associated with attestation
  • Issuing a SOC1 or SOC2 report that meets your needs