The company required a trusted advisor to provide guidance and technical support to commence their internal controls journey – setting up their control framework and leading up to delivered high-quality assurance reports.
The challenge
The leading UK based global enterprise software company helps customers all over the world manage their business and prepare for what’s next in their industry. The company offers enterprise resource planning (ERP) applications that provide companies with the ability to respond quickly to market changes and enables them to realise their competitive advantage by working in a smarter way.
The company needed the help of an external service provider to carry out quality SOC 1 / ISAE 3402 and SOC 2 audits relevant to the user entities’ internal control over financial reporting (ICFR), with their major systems in scope. The company had grown rapidly over the last few years and their customers from across the globe required assurances that controls were designed and operated effectively in the products and services provided.
How we helped
We were engaged to support them in delivering Service attestation reports - SOC 1, SOC 2, ISAE 3402 services for a number of their software products to their clients globally. Our highly skilled team performed readiness assessment, held walkthrough meetings understanding their products and business processes, helped document control activities associated with in-scope processes, and assessed the effectiveness of the control design and operations. We also highlighted potential exceptions ahead of actual SOC 1 / ISAE 3402 and SOC 2 examination along with remedial action plans to help ensure a successful report outcome.
In the second phase of the project, our team delivered a SOC 1/ISAE 3402 and SOC 2 Type I report, expressing a clear opinion on the fairness of the description presentation, and on the suitability of the controls design to achieve the related objectives. In a subsequent period, we helped this mature to respective Type 2 reports.
Gradually, we started delivering a portfolio of reports for this client, each having a unique market focus, the client was very focused on realising synergies across their portfolio of reports and minimizing potential redundancies.
We flexibly collaborated with the company’s teams, who are based in the UK, North America and offshore, throughout the project duration; including planning, readiness assessment, and final reporting. We became an extension of their team, working in ways that suited them and their schedules.
Read our build trust and confidence in your supply chain insight
The results
We helped provide quality SOC 1/ISAE 3402 and SOC 2 type 2 reports delivering the requirements in support of their customer contracts. Our team performed controls testing in a timeframe that allows them to leverage the testing across both SOC 1 and SOC 2 reports, helping achieve the synergy through our “Test once, report many” approach.
Going beyond our initial brief, we helped the client in control-streamlining exercises across their global functions and issuance of value-added process improvements at key stages, to increase efficiency and robustness in their control environments.
In this journey, there were significant improvements in the overall quality of the controls enabled the company to rationalise their offerings into a cohesive suite of applications based on a common set.
