FAQ. (Or, you are not alone)
You may have arrived at our website because a customer or prospect asked you to provide a SOC 1 or SOC 2 audit. Here are a few questions and answers which may ease your mind a bit and help determine if we are the right CPA firm for you:
1. A customer of ours just told us we have to get a SOC 1 or SOC 2 audit as soon as possible. Why are we being asked to get this and what are the benefits of getting a SOC audit completed?
Answer: Because of Sarbanes-Oxley legislation, SOC audits have become a "must have" for companies that provide outsourced services. The reason for this is simple. In order to comply with very stringent Sarbanes-Oxley requirements on their end, your customers need independent validation from a CPA firm that your internal processes and IT controls are sound and working as intended. In some cases, if you are unable to provide either a SOC 1 or SOC 2 audit, you may risk losing business from that customer or prospect.
However, once you complete a SOC audit, you may choose to use it as a marketing tool to differentiate your company from your competitors. We've seen many examples where a SOC audit helped clients actually gain new customers.
2. I'm not sure how to prepare for this audit or exactly what to expect. For instance, how many days will you be on site doing the field work for our SOC audit? And, we do this remotely if we don't have an office?
Answer: We will be glad to send you some information summarizing exactly what to expect and steps to take to begin preparation - simply send a request to [email protected]. Typically, we spend one day at a client site performing field work. Or we simply use screen sharing services like Zoom or Teams to perform remote testing instead of a visit to your location. We utilize remote information gathering and testing as much as possible so we can minimize the disruption to your business.
3. How much do you charge for a SOC 1 or SOC 2 audit?
Answer: Our fees depend primarily on the complexity of your control environment and the time it takes to test that these controls are performing as intended. We encourage you to use our "Get A Quote" form to receive a no-obligation price quote for your audit. We have developed a business model and audit process which enables us to keep our rates reasonable to specifically serve the small business market.
4. Since you audit "small businesses", what do you consider small?
Answer: Typically, our clients are privately-held businesses with 1 to 200 employees. In some cases, we will provide services to a larger business.
5. I've read that SOC 1 and SOC 2 audits can be either "Type 1" or "Type 2" - what does this mean?
Answer: A "Type 1" audit consists of inquiry and observation of your controls for a single date in time such as May 31, 2024. No testing of the controls is done. A "Type 2" audit consists of of inquiry, observation, and testing of controls that were in place over a period of time such as July 1, 2024 to December 31, 2024. The Type 2 audit provides the validation through testing that your clients and prospects typically want to see.
6. Can you tell us more about the process and how you go about performing the audit?
Answer: Please press the "What to Expect" tab above for an overview of our audit process. Also, you may request more information by sending an email to info@soc123 audits.com or by calling us toll free at (877) 534-1291.
7. Does The Moore Group, LLC provide any other Certified Public Accounting services? Can you do our taxes too?
Answer: Nope. Our firm was established to provide SOC audits to small businesses. We believe this specialization sets us apart from other CPA firms, keeps us focused and allows us to do the type of work we love to do. Like many of our clients, we are IT geeks at heart.
8. How many auditors will be on site during the field visit testing or the remote testing session?
Answer: Typically, only one of our IT auditors will be on site during the field visit or remote testing session. The total hours spent testing will depend on the complexity of your IT control environment. Our goal is minimal disruption to your daily operations.
9. What is the professional background of your Audit Specialists?
Answer: Our Audit Specialists carry at least one of the following professional certifications: Certified Public Accountant, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Internal Auditor (CIA). In addition, each of our Audit Specialists are thoroughly trained in Project Management methodology which is a central tool in providing you the most efficient audit possible.
10. From beginning to end, how much time will the audit process take?
Answer: Typically, the total time required to complete the audit is between 90-120 days.
You may have arrived at our website because a customer or prospect asked you to provide a SOC 1 or SOC 2 audit. Here are a few questions and answers which may ease your mind a bit and help determine if we are the right CPA firm for you:
1. A customer of ours just told us we have to get a SOC 1 or SOC 2 audit as soon as possible. Why are we being asked to get this and what are the benefits of getting a SOC audit completed?
Answer: Because of Sarbanes-Oxley legislation, SOC audits have become a "must have" for companies that provide outsourced services. The reason for this is simple. In order to comply with very stringent Sarbanes-Oxley requirements on their end, your customers need independent validation from a CPA firm that your internal processes and IT controls are sound and working as intended. In some cases, if you are unable to provide either a SOC 1 or SOC 2 audit, you may risk losing business from that customer or prospect.
However, once you complete a SOC audit, you may choose to use it as a marketing tool to differentiate your company from your competitors. We've seen many examples where a SOC audit helped clients actually gain new customers.
2. I'm not sure how to prepare for this audit or exactly what to expect. For instance, how many days will you be on site doing the field work for our SOC audit? And, we do this remotely if we don't have an office?
Answer: We will be glad to send you some information summarizing exactly what to expect and steps to take to begin preparation - simply send a request to [email protected]. Typically, we spend one day at a client site performing field work. Or we simply use screen sharing services like Zoom or Teams to perform remote testing instead of a visit to your location. We utilize remote information gathering and testing as much as possible so we can minimize the disruption to your business.
3. How much do you charge for a SOC 1 or SOC 2 audit?
Answer: Our fees depend primarily on the complexity of your control environment and the time it takes to test that these controls are performing as intended. We encourage you to use our "Get A Quote" form to receive a no-obligation price quote for your audit. We have developed a business model and audit process which enables us to keep our rates reasonable to specifically serve the small business market.
4. Since you audit "small businesses", what do you consider small?
Answer: Typically, our clients are privately-held businesses with 1 to 200 employees. In some cases, we will provide services to a larger business.
5. I've read that SOC 1 and SOC 2 audits can be either "Type 1" or "Type 2" - what does this mean?
Answer: A "Type 1" audit consists of inquiry and observation of your controls for a single date in time such as May 31, 2024. No testing of the controls is done. A "Type 2" audit consists of of inquiry, observation, and testing of controls that were in place over a period of time such as July 1, 2024 to December 31, 2024. The Type 2 audit provides the validation through testing that your clients and prospects typically want to see.
6. Can you tell us more about the process and how you go about performing the audit?
Answer: Please press the "What to Expect" tab above for an overview of our audit process. Also, you may request more information by sending an email to info@soc123 audits.com or by calling us toll free at (877) 534-1291.
7. Does The Moore Group, LLC provide any other Certified Public Accounting services? Can you do our taxes too?
Answer: Nope. Our firm was established to provide SOC audits to small businesses. We believe this specialization sets us apart from other CPA firms, keeps us focused and allows us to do the type of work we love to do. Like many of our clients, we are IT geeks at heart.
8. How many auditors will be on site during the field visit testing or the remote testing session?
Answer: Typically, only one of our IT auditors will be on site during the field visit or remote testing session. The total hours spent testing will depend on the complexity of your IT control environment. Our goal is minimal disruption to your daily operations.
9. What is the professional background of your Audit Specialists?
Answer: Our Audit Specialists carry at least one of the following professional certifications: Certified Public Accountant, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Internal Auditor (CIA). In addition, each of our Audit Specialists are thoroughly trained in Project Management methodology which is a central tool in providing you the most efficient audit possible.
10. From beginning to end, how much time will the audit process take?
Answer: Typically, the total time required to complete the audit is between 90-120 days.