NDNB is Southern California’s leading provider of SSAE 18 SOC 1 compliance audits, offering fixed fees for both SOC 1 Type 1 and SOC 1 Type 2 assessments for businesses all throughout San Diego, Orange County, Los Angeles, Santa Barbara, and other select locations. With today’s continued growth of massive regulatory compliance mandates, Southern California businesses are being forced to undertake annual audits & assessments – such as SSAE 18 SOC 1 – and NDNB is ready to assist in providing efficient, high-quality, and cost-effective services and solutions.
SOC 1 Compliance Auditors | Southern California | Fixed Fees
One of the most common questions we receive from Southern California businesses is which audit should they be performing, a SOC 1 assessment or possibly a SOC 2 assessment, and it’s a valid question. For clarity, remember that SOC 1 audits are generally imposed on service organizations that have the ability to impact financial reporting on behalf of their clients, such as transactions undertaken that could impact revenue reporting, balance sheet information, cash flow models, etc. As for SOC 2 assessments, they’re aimed directly at businesses that rely heavily on information technology as their core business, such as data centers, SaaS entities, and more.
SOC 1 Compliance Auditors | Southern California | Start with a Readiness Assessment
Diving right into a SSAE 18 SOC 1 audit – if you’ve never done one before – is not recommended, and it’s why NDNB suggests undertaking a readiness assessment for Southern California service organizations new to the SOC framework. Why, because a SSAE 18 SOC 1 readiness assessment – when conducted properly – helps assess scope, determine which Trust Services Principles to test for, identifies internal control deficiencies, and more. The result is long-term audit savings, efficiencies, and a well-planned SSAE 18 SOC 1 assessment from beginning to end. Notable elements of an SSAE 18 SOC 1 readiness assessment for Southern California businesses include the following:
Determining Scope: what specific businesses processes within the service organization are in scope – the entire company, or just a certain segment or unit – this is important to determine early on. Additionally, are there any functions being conducted that relate to the ICFR component, effectively known as “Internal Controls over Financial Reporting”? For example, does your business conduct activities that directly impact the financial reporting for your clients – if so – this need to be assessed within the scope of an SSAE 18 SOC 1 report.
Develop Control Objectives: Another benefit of an SSAE 18 SOC 1 readiness assessment is the ability to work collaboratively with a CPA firm in developing and finalizing all necessary control objectives for the actual audit. This would include both business process control objectives & ICFR controls (if applicable), along with general control objectives for information technology, commonly known as ITGC. Additionally, the supporting tests for control objectives – known as control specifications – will also need to be developed.
Where to test: You’re undergoing an audit, which means auditors have to interact with personnel, conduct procedures, and other necessary activities, so it’s important to determine which facilities and location are in scope for an SSAE 18 SOC 1 report. Travelling in today’s world can be incredibly time-consuming and costly, which is an important element to remember when scoping for an SSAE 18 SOC 1 audit. NDNB will help assess which locations are in scope, why, and what’s needed from each location.
Policies: What’s the biggest and often most challenging aspect of SSAE 18 SOC 1 compliance for Southern California businesses – providing auditors with policies and procedures – that’s right, it’s often the biggest gap identified during a readiness assessment and its even further proof of why such an exercise is necessary before the audit even begins. NDNB also offers a complimentary SOC 1 Policy Packet to each and every client we work with – now that’s a big differentiator over other CPA firms.
It’s about Security: Doing an audit just for the sake of compliance is the wrong mindset – it really is – because it should actually be about ensuring the complete security of one’s entire digital assets and footprint. With that said, NDNB provides recommendations not just for SSAE 18 SOC 1 compliance for Southern California businesses, but also those that align with today’s emerging cybersecurity threats. That’s the NDNB difference!
Looking for a high-quality CPA firm in Southern California for SSAE 18 SOC 1 compliance? If so, contact the experts today at NDNB and receive a competitively priced, fixed fee quote today.
NDNB has been working with Southern California businesses for years, building a true household name when it comes to regulatory compliance. Call Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706 to learn more about SOC 1 assessments, and all other services provided.