All SOC reports are not equal. Different companies have different needs with regards to SOC reports. We customize our approach and pricing based on the scope of services that our client provides as a “Third Party Service Provider.”
GCPA is the only firm that publishes actual SOC pricing information. We have developed a three-level customized and unique approach to pricing that enables companies to get an idea of pricing before they engage in a lengthy consultative discussion with our firm. With the growing popularity of SOC engagements, more companies are being required to obtain a SOC audit report in order to maintain its business edge or to expand service lines, and we believe it’s important to be open regarding costs.
Some firms want you to believe that bigger is better and that financial auditors are critical of any report issued by a non-national firm. However, SOC Reports are measured based on the controls that are identified, the extent and thoroughness of the tests of those identified controls, and the results of the tests. Financial Auditors will examine the reports for these components to determine the adequacy of audit procedures performed by the SOC auditor.
What are you getting for your money?
Fewer disruptions All SOC engagements must conform and meet the same standards outlined by the American Institute of Certified Public Accountants; therefore, in the end, there is not a lot of difference in the report content. The primary differences lie in the amount of business disruption caused by the audit, the time it takes to issue a report upon completion of the initial fieldwork, and the overall costs.
Focus on key controls Another big difference between GCPA and other firms is our ability to quickly focus on the key controls within the business process and IT environment. We have been able to significantly reduce the amount of control objectives identified for clients who have undergone a previous SOC audit. We found that many firms include unnecessary, redundant control objectives and activities to justify the high costs associated with issuing their report. GCPA is concise and succinct in identifying and communicating control objectives, control activities, and the associated test results. We will provide user organizations with SOC reports that contain the information needed to accurately and properly assess the risks associated with the service organization.