Category: Technology

Service Organization Control Series Part III: Basics of SOC 3

A Service Organization Control (SOC) report is an internal control report that allows an organization to assess the risks associated with outsourcing. The new framework for SOC reporting presented SOC 3 report, which will show whether or not a service organization attained any of the Trust Service Principles and Criteria. Trust Service Principles are concentrated on e-commerce system due to the fact that massive amount of information that regularly circulate on the internet. The said information is either confidential or related to finances. Reports that are derived from trust principles are known as WebTrust, which can be classified as WebTrust, WebTrust…

Service Organization Control Series Part II: Effective Use of SOC 2

Service Organization Controls (SOC) 2 reports intend to cater for the needs of the management of a service organization, user entities, and other parties for information regarding the IT controls of the service organization. These reports particularly address issues and other related concerns touching on Security, Availability, Processing Integrity, Confidentiality, or Privacy. For user entities, Service Organization Control 2 reports play an important role in managing their vendor programs. In addition, through Service Organization Control 2 reports, user entities will have comprehensive information about the design and operating efficiency of the controls of a service organization. With Service Organization Control…

Service Organization Control Series Part I: Effective Use of SOC 1

Service Organization Control reports allow companies to outsource to a service entity various duties and responsibilities that are relevant to their business, including functions that are essential to their daily business undertakings. In effect, the organization is able to minimize its costs while increasing its core competencies. However, the American Institute of Certified Public Accountants reported that each time user entities outsource tasks from service organizations, the service firms’ risks also become the user entities’ risks. The increasing demand for outsourcing, and the risks associated with it, has led to a more formalized system of monitoring and supervising the processes of…

Service Organization Control Series Part I: Basics of SOC 1

Service Organization Control practices relate to a world of privacy breaches and fraud, where service organization control have come under the scrutiny of the government to ensure the confidentiality and integrity of user entities’ sensitive data.  Security and compliance are critical and it is important for service organizations to be able to demonstrate they are in compliance as well as to show the accuracy of their systems. That is why most service organizations choose to hire an independent CPA to examine and report on the controls within the business. These reports will be made in accordance with the Statement on Standards…

Implementing XBRL

By the end of this year, all public companies will be required to file their financial statements with the SEC using eXtensible Business Reporting Language (XBRL). Regulators around the globe believe that XBRL provides for greater transparency in financial reporting. Even though this requirement does not apply to private companies, making use of the power of XBRL is worth considering for all sized companies. Interactive Financial Information Basically, XBRL is a means to automatically report financial information in an interactive format that can be used by anyone. It tags accounting information directly from the general ledger so it can be…