Frequently Asked Questions.
You have probably arrived at our website because a customer or prospect has requested you provide them with a SOC 1-SSAE 16 or SOC 2 audit. We understand the immediate questions that may have entered your mind. Questions like, "How much will the audit cost?" or "How do we prepare?" or "How much time will it take?".
Our goal is to make the audit process efficient, understandable and worthwhile. Here are a few questions and answers which may ease your mind a bit and help determine if we are the right CPA firm for you:
1. A customer of ours just requested we get a SOC 1-SSAE 16 or SOC 2 audit as soon as possible. Why are we being asked to get this and what are the benefits to my company of getting a SOC audit completed?
Answer: Because of Sarbanes-Oxley legislation, SOC audits have become a "must have" for both public and private companies that provide outsourced data services. The reason for this is simple - in order to comply with very stringent Sarbanes-Oxley requirements on their end, your customers need independent validation from a CPA firm that your internal processes and controls are sound and working as intended. In some cases, if you are unable to provide either a SOC 1-SSAE 16 or SOC 2 audit, you may risk losing business from that customer or prospect.
However, once you receive a SOC audit, you may choose to use it as a marketing tool to differentiate your company from your competitors who may not have it. We've seen many examples where the audit helped clients actually gain new customers.
2. I'm not sure how to prepare for this audit or exactly what to expect. For instance, how many days will you be on site doing the field work for our SOC audit?
Answer: We will be glad to send you some information summarizing exactly what to expect and steps to take to begin preparation - simply send a request to firstname.lastname@example.org. Also, we aim to be as efficient as possible in every phase of the audit. Typically, we spend about one to three days at a client site performing field work. We try to utilize offsite information gathering as much as possible while still following the auditing standards of the CPA profession.
3. How much do you charge for a SOC 1-SSAE 16 or SOC 2 audit?
Answer: Our fees depend primarily on the complexity of your control environment and the time it takes to test that these controls are performing as intended. We encourage you to use our "Get a Quote" form to receive a no obligation price quote for your audit. We have developed a business model and audit process which enables us to keep our rates reasonable to specifically serve the small business market.
4. Since you audit "small businesses", what do you consider small?
Answer: We specialize in providing SOC 1-SSAE 16 and SOC 2 audits to clients with 1 to 200 employees. In some cases, we will provide services to a larger business.
5. SOC 1 and SOC 2 audits can be either "Type 1" or "Type 2" - what does this mean?
Answer: A "Type 1" audit consists of inquiry and observation of processing and controls for a single point in time - such as May 31, 2013. No testing of the controls are done.
A "Type 2" audit consists of of inquiry, observation, and testing of transaction processing and controls that were in place over, for example, a 6 month period. The Type 2 audit provides the control validation through testing that is most often sought after by clients and prospects.
6. Can you tell us more about the process and how you go about performing the audit?
Answer: Please press the "What to Expect" tab above for an overview of our audit process. Also, you may request more information by sending an email to email@example.com.
7. Does The Moore Group, LLC provide any other Certified Public Accounting services?
Answer: No. Our firm was established to specialize in providing SOC audits to small businesses. We believe this specialization sets us apart from other CPA firms, keeps us focused and allows us to do the type of work we love to do.
8. How many auditors will be on site during the audit?
Answer: One to three auditors will be on site during the audit. This number will depend on factors such as timing of the audit and complexity of the control environment. We will need a small work area (a cubicle or empty office is typical) and a "go to person" on your team as our central point of contact during the field work. Our goal is minimal disruption to your daily work.
9. What is the professional background of your Audit Specialists?
Answer: Our Audit Specialists carry at least one of the following professional certifications: Certified Public Accountant, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Internal Auditor (CIA). In addition, each of our Audit Specialists are thoroughly trained in Project Management methodology which is a central tool in providing you the most efficient audit possible.
10. From beginning to end, how much time will the audit process take?
Answer: The time required will vary depending on many factors. However, in some cases, the time required - from signing the engagement letter to final report delivery - can be as fast as 45 days.