One of the unique aspects of SOC 2 reports is that organizations have a great deal of flexibility in determining the scope of their report. This blog post covers a few common scoping considerations that companies face. Service Provided: The services included within the scope of a SOC 2 report are […]
A company’s first SOC audit generally follows a standard lifecycle (and this applies to both SOC 1 and SOC 2): First, your auditor performs a readiness assessment (also called a gap assessment) to help you prepare for your first SOC audit and identify control weaknesses that need to be addressed in […]
First Responder Breakfast: The KFi Foundation tried out a new type of community service event this morning. We posted up in the ambulance bay at the UC Health hospital in Denver and served breakfast burritos, coffee, fruit, juice and other goodies to firemen, EMTs, paramedics and hospital staff. It was a […]
Preparing your company and plan for its first 401(k) audit can be a tedious task, but with the right knowledge and tools you can help prepare for a successful and smooth audit.
If a company has experienced a security incident, it may be necessary to disclose certain information about the incident in their SOC 2 report. However, just like many other areas of the SOC 2 reporting standards, a great deal of judgment is needed to determine if disclosure is required. According to […]
If your organization is subject to a SOC 1 or SOC 2 audit, then you are likely familiar with the vendor management requirements under both reporting frameworks. The American Institute of Certified Public Accountants’ (AICPA) reporting standards for SOC 1 (Section AT-C 320 of SSAE #18) state that: “Management’s description […]
One of my favorite things about being a human being is that we are all a work in process. It is something that every person on the planet has in common – we are all learning, developing, adapting and changing from the day we are born until the day we die. […]
One of the best parts of working at KFi is our regular schedule of community service events throughout the year. These events are a great opportunity to get together as a team, while at the same time helping others who are in need. We have always strived to make these events […]
Control Self Assessments (CSAs) are a key control that we consistently recommend to our SOC and other audit clients. The purpose of this blog post is to elaborate on CSAs and provide a practical and effective approach to performing them. CSAs can take many different forms and can range from very […]
Background: The 2020 audit cycle for organizations that receive SOC reports is going to include new challenges related to COVID-19. Remote workforces are now the norm throughout the world and there are many new risks associated with this. For example, the use of insecure personal computers (or those already infected with […]