Emerging Business and the Rise of the SOC Report

Emerging Business and the Rise of the SOC Report

Posted on

By Scott M. McAuliffe, CPA, CISA, CFE | Risk Advisory Services Partner

How Social Distancing is Influencing Emerging Business

According to figures from the US Business Formation Statistics (BFS), since 2018 there are approximately 800 – 900 thousand business applications submitted each quarter. However, in the third quarter of 2020, there were nearly 1.6 million business applications submitted. With the onset of the pandemic, it appears that entrepreneurs are trying to quickly capitalize on providing products and services to meet the demands of a socially distant population. According to a Forbes article from April 2020, the 4 Business Trends Emerging From COVID-19 are:

  • Mobile Commerce and No-Touch Alternate Payment Options
  • Leveraging Software
  • Expanded Opportunities Using Automation
  • Demand For Faster Delivery

A look at the Inc. 5000 2020 List that details the 5000 Fastest-Growing Private Companies in America shows that close to 1500 of the companies are in the Software, IT Systems Development, IT Management, IT Services, Healthcare, and Telecommunications industries.

With these trends and many of these companies being third-party service providers that can impact their customers financial reporting and/or have access to their customers’ data, we have seen a rise in the companies being asked to provide SOC reports to their customers.

What is an SOC Report?

A SOC report, which is issued by a CPA firm, provides assurances related to internal controls over financial reporting (SOC 1) or controls over data security, system availability, system processing integrity, confidentiality, and privacy (SOC 2).

Emerging businesses that are working in industries such as Software, IT Systems Development, IT Management, IT Services, Healthcare, and Telecommunications could find themselves having to scramble because of requirements in a prospective customer’s RFPs or contract terms for a System and Organization Controls (SOC) Report.

For emerging businesses that want to learn more about SOC reports, Keiter has developed a SOC report blog series that can provide valuable insights on SOC reports and the process of getting a SOC audit.

Source: Becker’s Hospital Review

Questions on this topic? Contact your Keiter Opportunity Advisor or Keiter’s Risk Advisory Services team. We can help.

Additional Resources:

About the Author

Scott leads the Firm’s Risk Advisory Services practice, which focuses on providing cybersecurity services, internal audits, information technology audits, Service Organization Control (SOC) audits, and Sarbanes-Oxley assistance. Scott focuses on providing his clients with cost effective solutions to build strong, efficient internal control systems/practices that support their strategic objectives. In 2021, Scott achieved the Cybersecurity Maturity Model Certification (CMMC) Registered Practitioner status in order to provide CMMC services to Department of Defense prime and subcontractors.

More Insights from Scott M. McAuliffe, CPA, CISA, CFE

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.


How Can We Help You and Your Business?

Innsbrook Corporate Center
4401 Dominion Boulevard
Glen Allen, Virginia 23060

804.747.0000 or 804.273.6200