Posted in: Advisory, Audit,

SOC Services – The Time Is Now

I’ve talked in the past about trending services, and system and organization controls (SOC) reporting is near the top—or at the top—of that list. SOC reporting is a great way to expand assurance services for mid-size firms. Large firms are all in this business, and at Allinial Global we have our fair share of firms that excel at SOC engagements.

While I was at the AICPA, I was involved in strategic discussions as the move from SAS 70 to SOC took place. The issue at the time was that many companies, especially in the tech arena, were using SAS 70 incorrectly and something needed to change. Those who do EBP audits (as I did in my day) were very familiar with obtaining a SAS 70 report to provide assurance over controls over financial reporting for third-party providers. That has now become SOC 1. For those who needed assurance over controls and security, generally, that’s where SOC 2 and 3 come in.

I don’t want this to turn into a technical session on SOC, so that’s as far as I will go. But I do want to highlight some of the opportunities in this space. Recently, I sat down with members at two of our mid-size firms to talk about SOC reporting. Jim McGough is a CPA, CGMA with Wolf & Company in Boston. He grew up in the traditional audit space and is now part of Wolf’s SOC team. Pete Rife is a CISA, CISSP, and Director of IT Audit at Holbrook & Manter in Ohio. Jim, Pete, and I had some excellent conversation around opportunities and challenges in providing SOC engagements.

Opportunities and Challenges

Many current opportunities are focused in the financial institutions, healthcare, and technology sectors. Both Wolf and Holbrook & Manter are involved in SOC engagements in these industries. But it’s not just about the SOC engagement; many companies are asking for HITRUST, PCI compliance, and other certifications to be included. For international companies, an ISO 27001 engagement will be included in the SOC engagement. While US-based companies may be getting the ISO 27001 along with the SOC certification, there are technology companies outside the US who are now looking to add SOC to their ISO 27001 engagement. Having a team that can provide multiple certifications is important.

One common challenge in the SOC world has been finding talent. Of course, talent is an issue for many of our service lines. We are working to push outsource capabilities and finding capacity and capabilities from other firms, as some industries have different busy seasons. For outsourcing, KNAV, MGC Global Risk Advisory, and Ashok Maheshwary & Associates all have opportunities for current SOC providers to expand their services.

Building a Foundation for the Future

What if you don’t currently provide SOC services? Well, our members who do provide the service are happy to help. Both Pete and Jim mentioned that they have helped other Allinial Global members who called when a client opportunity arose, assisting in a variety of ways. Some firms will just let the SOC firm deal directly with the client. Other firms have hired Jim or Pete’s firm to serve as subject matter experts, with the client firm providing the final opinion.

A great way to get started is to have one or two staff members get the SOC certificate, sell the work with the SOC firm as the lead, and use the client firm’s staff to assist and learn. Then after 5–10 engagements, the client firm will have experience to grow the practice.

I also asked Jim and Pete about future opportunities. SOC for cyber and SOC for supply chain are two newer lines of opportunity. Both Jim and Pete stated that as of right now they haven’t had many requests for either, but they could see the opportunity. The Department of Defense, for example, has released the Cyber Maturity Model Certification (CMMC), which they will require DoD vendors to obtain. More and more businesses are asking for SOC reports as part of due diligence in working with their company. SOC is clearly an area of growing need, and we want to ensure that Allinial Global member firms can identify the right opportunities—and remember that there are so many ways we can collaborate.

If you have any questions about SOC and how to start, outsource, or grow, please reach out to me. I am passionate about this and want to see Allinial Global firms truly take the lead in this sector.



Posted in: AG Events, Mark's Insights, Practice Management,

Meet Mark...Borg?

                Meet Mark...Borg??

From October 26-28, 2020, Allinial Global hosted its first-ever virtual Summit, welcoming a total of 255 attendees for three half days of interactive online sessions. We had a great time getting together to explore our theme of Focus on the Future, and I’m confident that we’ve all gained some valuable insights about where we are headed as firms and as a profession.

Attendance was up by over 30% this year, and with four concurrent tracks (A&A, Advisory, Firm Management, and Tax), there were lots of exciting things happening each day. Whether you were able to attend or not, I thought it would be helpful to highlight some broad themes from Summit 2020.

Below are my top five takeaways.

1. Strategic transformation. No matter which track you attended, you probably heard one message loud and clear: the future is here, and firms need a clear strategic vision to survive and thrive. When we think of change management and future readiness, we typically turn to tools, training, and technology. But no matter what change we are facing, we need to think carefully about the business strategy behind that change. The goal isn’t simply to dump our legacy systems into new technology or formats—it’s to build and execute a deliberate strategy for the future. Our Summit speakers provided some fantastic takeaways about what this looks like in practice.

2. The role of virtual. Hosting Summit virtually taught us that virtual can work, but it can never replace live, in-person events. Most of us would have preferred to gather in person in Vegas, but it was helpful to have this opportunity to learn how to navigate a new format and clarify the role of virtual in a post-pandemic world. While virtual can’t compete with the value of in-person connections (unless we all become Borgs), it can enhance and broaden reach. I think we are walking away from Summit 2020 with some great insights about how live and virtual can come together next year. Summit 2021 will be even bigger and better because of this year’s experience.

3. Relationships and trust. In a time when people are feeling increasingly disconnected, relationships are more important than ever. They are central to everything we do, whether it’s how we show up for clients during the pandemic or how we manage our teams virtually. And as our speakers reminded us, relationships do look different in a virtual world. While it can be more challenging to communicate clearly and maintain trust from a distance, Summit 2020 was packed with practical tips about how you can develop critical virtual skill sets that enhance connection and engagement during these difficult times.

4. Leading the charge. As I mentioned in my opening session, now is the time for CEOs and firm management teams to take charge and drive transformation. It takes a coordinated effort to get exceptional results—and leading that charge isn’t easy. We hear you. In our Summit evaluations, some managing partners said that there were certain presentations they wished they could have shared with their entire partner group. We have been uploading session recordings into Pathable so that you can share the presentations you found to be most helpful with your teams. This is a great place to start if you’re interested in sparking discussion and getting your team on the same page.

5. Common concerns. With the highest attendance and ratings in sessions dedicated to the CARES Act/PPP, SALT, international tax, M&A, and firm management, it’s safe to say that many of our firms are facing similar concerns. In that respect, Allinial Global members are a tremendous resource for each other. In this year’s Firm Management Roundtable, for example, we had some great discussion about what remote work looks like for each firm and how leadership teams are managing people they can’t see. I’m proud to see our members realizing that they can’t just wait for things to “go back to normal” if they want to attract the best and brightest talent. They are embracing “the New Normal” now by putting processes in place to prepare for a future where flex work and hybrid office and work-from-home schedules will likely become the norm.

I look forward to navigating this future together with our member firms. Together we will ALL come out stronger than before.