SOC (Service Organisation Control) is a report by independent external experts, which contains information about the methods of implementing key management mechanisms and shows to what extent the problem-solving process complies with international standards. Such a report makes it possible for the organisation’s existing and potential customers to assess and reduce the risks associated with the outsourcing of a particular function. The assessment of an outsourcing vendor’s controls over processing financial statement data for compliance with SSAE18 and ISAE3402 is carried out by an independent auditing company.
In addition, if an outsourcing company has a SSAE18/ISAE3402 compliance report, then its customer can reduce the costs of its own audits, since some of the controls have already been checked, and the client’s auditor may take an opinion on them from the existing report. Therefore, the proven SSAE compliance is a strong competitive advantage when working with large businesses.
According to Galina Shablinsksaya, Director for Customer Relations, BDO Unicon Outsourcing, the receipt of the SOC 1 combined report is an important event for the company. This shows the attention of the organisation’s employees to the quality of the services provided and the company management’s drive to develop the service.
-
SSAE 18 specifies requirements for production or process controls maintained at service organisations in performance of their business operations or upon completion thereof.
-
ISAE 3402 regulates the issues of checking internal controls at a company (service organisation) in terms of services provided by the company to its customers and associated with the customers’ financial reporting process.
