The leading UK based global enterprise software company helps customers all over the world manage their business and prepare for what’s next in their industry. The company offers enterprise resource planning (ERP) applications that provide companies with the ability to respond quickly to market changes and enables them to realise their competitive advantage by working in a smarter way.
The company needed the help of an external service provider to carry out quality SOC 1 / ISAE 3402 and SOC 2 audits relevant to the user entities’ internal control over financial reporting (ICFR), with their major systems in scope. The company had grown rapidly over the last few years and their customers from across the globe required assurances that controls were designed and operated effectively in the products and services provided.
We were engaged to support them in delivering Service attestation reports - SOC 1, SOC 2, ISAE 3402 services for a number of their software products to their clients globally. Our highly skilled team performed readiness assessment, held walkthrough meetings understanding their products and business processes, helped document control activities associated with in-scope processes, and assessed the effectiveness of the control design and operations. We also highlighted potential exceptions ahead of actual SOC 1 / ISAE 3402 and SOC 2 examination along with remedial action plans to help ensure a successful report outcome.
In the second phase of the project, our team delivered a SOC 1/ISAE 3402 and SOC 2 Type I report, expressing a clear opinion on the fairness of the description presentation, and on the suitability of the controls design to achieve the related objectives. In a subsequent period, we helped this mature to respective Type 2 reports.
Gradually, we started delivering a portfolio of reports for this client, each having a unique market focus, the client was very focused on realising synergies across their portfolio of reports and minimizing potential redundancies.
We flexibly collaborated with the company’s teams, who are based in the UK, North America and offshore, throughout the project duration; including planning, readiness assessment, and final reporting. We became an extension of their team, working in ways that suited them and their schedules.
We helped provide quality SOC 1/ISAE 3402 and SOC 2 type 2 reports delivering the requirements in support of their customer contracts. Our team performed controls testing in a timeframe that allows them to leverage the testing across both SOC 1 and SOC 2 reports, helping achieve the synergy through our “Test once, report many” approach.
Going beyond our initial brief, we helped the client in control-streamlining exercises across their global functions and issuance of value-added process improvements at key stages, to increase efficiency and robustness in their control environments.
In this journey, there were significant improvements in the overall quality of the controls enabled the company to rationalise their offerings into a cohesive suite of applications based on a common set.
Our team is dedicated, efficient, and experienced in SOC reporting providing services to premier clients based in the UK and across the globe. Our work ranges across medium/large corporate clients and Listed businesses through to financial services. Supported by a global approach, common methodology and tools we can provide a consistent service to multinational organisations.