Marcum LLP
Home | Offices | (855) MARCUM1  

Attestation Engagements
Compilations & Reviews
Employee Benefit Plans
Government Services
International Financial Reporting
IT Risk and Assurance
Mergers & Acquisitions
SEC Advisory Services
SEC Services
SOC Reports
Transaction Services
Cybersecurity Technology Risk Management Services

Tax & Business

PCAOB Report for 2013

Peer Review Report

SOC Reports

Service Organization Control (SOC) Reports
SOC reports adhere to a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to provide a mechanism by which service organizations can demonstrate the establishment of effectively designed control objectives and control activities to their customers, via an in-depth audit of the processes that are related to the services rendered to their customers.

There are three (3) key reasons that service providers engage an auditor to prepare a SOC report:

  1. Replaces the need of customer organizations to perform their own audits of services rendered by the service organization thereby minimizing disruption of operations
  2. Provides the service organization an independent operational assessment identifying opportunities for improvement regarding services rendered
  3. Serves as a marketing tool by which service organizations can provide potential clients the SOC report as a validation regarding services offered
Planning Assessment Fieldwork Completion
Marcum team orientation Review relevant systems Finalize testing procedures plan Review final draft of report
Develop project management plan Review relevant processes Discuss testing procedures with management Resolve any reporting issues with management
Finalize critical deadlines Identify relevant control objectives Perform control walkthrough and testing procedures Review drafts with Management
Develop preliminary lists of documents to be prepared by client Identify key controls Document testing Issue Report Adobe PDF format Bound hard copy
Conduct planning meeting with the Company's Management Perform risk assessment Draft summary of findings Debrief with management including control findings and recommendations
  Finalize evaluation of internal controls Review draft report  
  Identify potential internal control issues/concerns Wrap-up fieldwork  
  Report findings to the Company's Management    


SOC Diagnostic
A SOC diagnostic is an ideal, low cost starting point for companies who have not had a SOC or other controls based audit procedures previously performed. Our SOC diagnostic is designed to assist our clients to make a determination regarding their preparedness for an actual SOC audit. Our findings, areas we believe need to be addressed prior to an actual SOC audit, are only reported internally to management.

Type I SOC Audit
Includes an opinion on the fairness of the presentation of a description of controls in operation and how the design of the controls achieves the specified control objectives as of a point in time.

A Type I SOC audit may be preferable when your company:

  • Has never had a SOC audit performed
  • Has concerns regarding its readiness for a Type II SOC audit
  • Needs a SOC report to be issued within a short timeframe
  • Has no contractual obligation with its customers to have a Type II SOC audit performed

Type II SOC Audit
Report includes the information contained in a Type I service auditor's report, but also includes an opinion on whether the specific controls were operating effectively during the period under review.

A Type II SOC audit may be preferable when your company:

  • Provides a significant level of services to companies impacted by the Sarbanes-Oxley Act of 2002
  • Is contractually obligated to provide a Type II SOC audit report to customers
  • Is often visited by various third parties looking to perform a variety of audit procedures

Agreed-Upon Procedures Reviews
There are instances where it is not necessary to perform a SOC audit, but it is necessary for a company to report upon their achievement of certain control objectives. In such a scenario, we would advise an agreedupon procedures review.

  • These reviews have a defined set of procedures, such as verifying the accuracy, integrity, timeliness and confidentiality of information processed by the service organization
  • Designed to give independent third-party verification of selected controls to third-parties, such as customers and financial institutions, e.g. lenders

Our SOC Services Team is committed to providing our clients with the following:

  • A team approach to client service, utilizing all of the resources of our firm
  • A flexible, practical cost-effective approach to the delivery of a SOC product
  • The technical expertise you value and the personal service you deserve
  • Accessibility to engagement partners and professional staff
  • A detailed proposal and project plan to ensure that you receive the appropriate solution for your business
  • Affiliates in most major North American cities through our membership with the Leading Edge Alliance

The Marcum Advantage

  • Our "4-Fold" method divides the engagement into four phases Analysis, Remediation, Fieldwork, and Reporting
  • Our approach ensures that our clients receive a high degree of efficiency, minimized disruptions to their business, and direct attention
  • Team leaders with significant experience performing SOC audits
  • National firm service without the associated high cost


Boston, MA
San Francisco, CA
Fort Lauderdale, FL
New York City, NY
King of Prussia,

Please complete the following form and a Marcum LLP representative will be in touch with you.

Yes No

Captcha Image