Readi Consulting provides customized services staffed with seasoned CPAs who have managed SOC and IT audit practices for large accounting firms and have performed SOC readiness and attestation engagements for Service Organizations across diverse and complex platforms in a variety of industries.
SOC Solutions Provided
SOC 1, SOC 2, and SOC 2 Plus
SOC 1, SOC 2 & SOC 2 Plus
Readi Consulting will work as part of the management team to:
- Provide a plan that will delineate the personnel, time, and resources required for the SOC Readiness engagement.
- Manage the project form the onset of the Readiness engagement to the completion of gap remediation.
- Perform walkthroughs of processes and related key controls which will include inquiry of personnel, review of existing documentation, and observation of processes and related key controls. Based on these walkthroughs, we will:
- scope and define the boundaries of the systems for the SOC engagement
- determine the required elements for the management assertion
- summarize the Company’s operations, systems, and control environment
- identify and document third-party service providers in scope
- prepare a summary of the key technology and data flows
- identify and document control objectives, risks to achieving those control objectives, and controls in place to mitigate the risks, including relevant complementary user entity and service organization control considerations (SOC 1®)
- identify and document trust service principles and criteria, risks to achieving the trust service principles, and controls in place to mitigate the risks, including relevant complementary user entity and service organization control considerations (SOC 2®)
- identify and document trust service principles and criteria, risks to achieving the trust service principles, controls in place to mitigate the risks and mapping of controls to compliance framework requirements, including relevant complementary user entity and service organization control considerations (SOC 2 Plus)
- review the entity-level risk assessment and map to business risks that are in scope
- review existing policies and procedures to determine the consistency of documentation with the actual operating environment and cross-reference to control objectives
- review populations and record retention procedures to determine whether populations and supporting documentation are available and appropriate for the attestation period
- Prepare SOC-specific documentation which will be used as sections and/or exhibits in your SOC Attestation report.
- Identify and document potential gaps in the control environment, including procedures, controls, and documentation that require remediation prior to the SOC Attestation engagement.
- Develop a plan and provide guidance for gap remediation, risks, and improvement opportunities resulting from identified gaps.
- Assist in the selection of a Service Provider to perform the SOC Attestation engagement.