System and Organisation Controls (SOC)

How do you know that your outsourced providers have adequate controls in place over the processes undertaken on your behalf? Conversely, how do your clients gain the comfort they need over the controls you operate on their behalf?

Organisations providing outsourced services to clients may need to consider the benefit of subjecting related processes and controls to a robust independent review of service organisation controls (SOC). A SOC report is a culmination of a detailed analysis of the internal management processes and controls that an organisation employs, based on either of the following standards:

SSAE 18 / AICPA Attestation Standards (Statement on Standards for Attestation Engagements – US standard); or
ISAE 3402 (International Standards for Assurance Engagements).

Offering an SSAE 18 / ISAE 3402 report to prospective or existing clients can set you apart from your competitors by demonstrating the seriousness with which you take internal control.

The benefits of using Mazars

Through our international operations, we are able to provide the certification you need using professionals highly experienced in delivering such assignments. We offer:

Guidance on how to adopt these standards;
The preparation of documentation for audit;
Dedicated client managers;
Consistent and experienced teams; and
Working practices which are flexed to your unique needs.

Get in Touch

Please submit the form below if you require any further information on the service provider reviews we undertake.

Enquire now

National contact

Conrad Volker Partner - Head of System Organisation Controls Leeds

Detailed profile

Protecting Employees - Payroll

Robust continuity strategies are critical. In addition to business operations and sales, your business continuity plans should focus on protecting your employees.

Risk Management

Do you have the necessary systems in place to identify and manage threats to your business and maximise opportunities as they arise? Whether you are putting a risk management framework in place for regulatory reasons or to comply with best practice, the benefits of drawing upon our experience are manifold.

Sarbanes-Oxley (SOX) compliance

The provisions of the Sarbanes-Oxley Act of 2002 are now well established in the US. This Act has implications for almost everyone associated with US public companies, including related companies in Europe. The penalties for violation of sections of this Act include fines reaching into millions of dollars, and even imprisonment. In contrast to the ‘comply or explain’ approach of the Combined Code,...