Many organizations have a difficult time distinguishing between “vendors” and “subservice organizations” for purposes of their SOC 1 and SOC 2 reports. This is partially because the differentiation / classification of vendors and subservice organizations has no bearing whatsoever on day to day operations of a service provider / organization receiving […]
One of the most common errors found during an audit of a 401(k) or employee benefit plan is the failure to timely remit employee contributions to the retirement plan. Management of the 401(k) or employee benefit plan needs to be mindful of the Department of Labor’s (DOL) rules for remittance of […]
Kfi Foundation and There With Care The Kfi Team delivered groceries today to a family with a child that has terminal brain cancer. After picking up the groceries at There With Care, the Kfi Foundation threw in a few extra goodies to add to our delivery to hopefully make life a […]
If you previously had a DOL limited-scope audit performed on your 401(k) or employee benefit plan, you should be expecting some changes to your 2021 plan year audit. The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) issued a new Statement on Auditing Standards for auditors who […]
One of the unique aspects of SOC 2 reports is that organizations have a great deal of flexibility in determining the scope of their report. This blog post covers a few common scoping considerations that companies face. Service Provided The services included within the scope of a SOC 2 report are […]
A company’s first SOC audit generally follows a standard lifecycle (and this applies to both SOC 1 and SOC 2): First your auditor performs a readiness assessment (also called a gap assessment) to help you prepare for your first SOC audit and identify control weaknesses that need to be addressed in […]
First Responder Breakfast The KFi Foundation tried out a new type of community service event this morning. We posted up in the ambulance bay at the UC Health hospital in Denver and served breakfast burritos, coffee, fruit, juice and other goodies to firemen, EMTs, paramedics and hospital staff. It was a […]
Preparing your company and plan for its first 401(k) audit can be a tedious task, but with the right knowledge and tools you can help prepare for a successful and smooth audit.
If a company has experienced a security incident, it may be necessary to disclose certain information about the incident in their SOC 2 report. However, just like many other areas of the SOC 2 reporting standards, a great deal of judgment is needed to determine if disclosure is required. According to […]
If your organization is subject to a SOC 1 or SOC 2 audit, then you are likely familiar with the vendor management requirements under both reporting frameworks. The American Institute of Certified Public Accountants’ (AICPA) reporting standards for SOC 1 (Section AT-C 320 of SSAE #18) states that: “Management’s description […]