- Compilation / (Notice to Reader): These engagements involve assisting you in preparing unaudited special purpose statements generally for income tax, financial institutions or management purposes. Usually, the full set of financial statements is not prepared for such engagements however the financial statements are prepared and presented in a generally accepted format. Our clients do as much summary, bookkeeping and accounting as possible to keep their costs low however we do provide clarifications on accounting issues when consulted.
- Financial Statement and Special Purpose Reviews: These engagements provide the reader with an assurance that the financial statements are plausible however review engagements do not provide similar assurance as an audit. The statements are clearly marked Unaudited however as the level of work required to complete a review engagement is relatively lower than an audit this is a cost-effective way of providing assurance over your financial statements. We can assist you in the review of your financial statements prepared using generally accepted accounting principles. We also perform special-purpose review engagements to meet your agreement requirements. Our review would consist of enquiry, analytical procedures, and discussions that would provide us with assurance regarding the plausibility of the statements. Some of the cases where Review engagements are generally completed are lending institutions seeking assurance of financial statements, potential buyers seeking assurance over revenue and cost of sales, joint ventures seeking assurance over income and spending, and foreign investors seeking assurance over agreements.
- Financial Statement and Special Purpose Audits: These engagements involve conducting an audit according to Canadian generally accepted auditing standards. The audit would lead to an opinion that the financial statements are presented fairly in accordance with Canadian generally accepted accounting principles. Clients may need an audited set of financial statements to meet Statutory regulations, for renewing licenses or upon request from a third party such as a lending institution or a potential buyer. In case assurance is required over a specific area such as assurance over revenue, inventory, account receivables, special purpose audits can also be performed thereby avoiding time-consuming and expensive process of auditing full set of financial statements. Many non-profit organizations require an audit due to Statutory regulations. We provide audit services for Not-for-profit organizations, condominium corporations and other private corporations.
- Attestation Engagements other than Audits or Reviews – These engagements involve conducting an attestation engagement according to CSAE (Canadian Standards on Assurance Engagements). CSAE 3000 is effective for engagement reports dated on or after June 30, 2017. Example of such engagements are CSAE 5925 an audit of Internal Controls Over Financial Reporting that is integrated with an audit of Financial Statements, CSAE 3416 Reporting on Controls at a Service Organization – popularly known as SOC (Service Organization Control) reports, CSAE 3410 assurance engagement on Greenhouse Gas Emissions, CSAE 5815 audit report on compliance with Agreements, Statutes and Regulations.
- CSAE 3416 / CSAE 3000 (SOC Reports) – Canadian Standard on Assurance Engagements (CSAE 3416) or popularly known as Service Organization Control (SOC1) report, addresses audit engagements undertaken by a service auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting. Service Organization Control (SOC2) report based on AICPA and CPA Canada Trust Services Principles, provides assurance on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. CSAE 3416 / CSAE 2001 (SOC 1 / SOC 2 / SOC 3) report allows user auditors to place reliance on the work of an independent auditor for outsourced services thereby reducing the amount of audit testing of the internal controls at the service organization. There are many other benefits of performing the engagement:
- Competitive advantage – To meet or exceed contractual requirements thereby giving your organization a competitive advantage in the market place
- Revenue growth – Improved client confidence of security over sensitive information will help draw more customers to your organization
- Reducing cost – You achieve this by standardizing processes with the help of optimized controls
- Scalability – Easier to grow and service more clients at the same time with the help of standardized controls and processes
SOC 1: A System and Organization Control 1 or SOC1 report (SOC audit) is given to a service organization after it demonstrates that it has sufficient internal controls in place to ensure that its client’s financials will not be affected due to its own actions. Clients usually use these reports to demonstrate to their own auditors that they trust the services that you are providing to them and do not expect your actions to impact their business in any way.
SOC 2: A System and Organization Control 2 or SOC 2 report (SOC audit) is given to a service organization after it demonstrates that it has sufficient internal controls in place for its information systems so that they follow one or more of the Trust Services Principles and Criteria. These criteria usually apply to organizations that do store or process information for their customers such as cloud hosting companies, Software as a Service (SaaS) companies or data processing companies.
SOC 3: As a society, we are heading into a digital age where more and more services are being made available online. While this helps in making our lives more convenient, it also means that more and more data is now being stored online or in the cloud. Most organizations that we work with do not have the expertise or infrastructure in information systems to handle the data that is being generated and, therefore, outsource the data handling, storage and processing to companies. The Trust Services Principles list some of the most important criteria when it comes to data storage that service-providing companies must adhere to.
SOC Cyber Security: Cyber Security threats are a real thing for all companies, big or small. With connected offices and on-the-move staff, companies rely heavily on their IT infrastructure to collect, store and share information. Many organizations choose third-party vendors to handle the services required for the smooth functioning of offices. This requires an assessment to ensure that the IT infrastructure is adequate as well as secure enough to handle your organizational requirements. A Cyber Security Attestation is a valuable report that allows you to gauge the level of cyber security maintained for your data and formulate plans for risk mitigation.
ISAE 3402: As business for an organization grows, there are some non-essential functions that the organization does not wish to focus upon. These functions do not occupy the core of business operations for the organization and are usually outsourced to a third-party organization that handles all aspects related to this function. Although these functions might not be core to the business, their failure may impact the operations or even the survival of the organization. In such a scenario, one needs to be absolutely sure that the organization handling the non-core functions performs its duties efficiently. An ISAE 3402 Service Organization Report is one of the ways of gauging the quality of outsourcing services provided by a service organization.
Agreed Upon Procedures: Businesses cannot scale up organically every time. To reach newer horizons and take your business to a new level, you will need to work with different people, different organizations, different sets of skills, different attitudes and working styles to reach your goal. You might want to buy out a business or consolidate your market position by merging with another business. How does one ensure that work under this new agreement will be done to the satisfaction of both parties? A third-party audit of agreed upon procedures helps.
Also visit us at SOCASSURANCE.CA
