Searching for SOC-1 Reports
I’m currently looking for a specific SOC-1 report for a 403(b) Audit I’m conducting. While I have the SOC-1s from the main company, several control objectives are related to a subservice that has its own SOC-1. This subservice was recently acquired by a larger corporation, but their website doesn’t provide much information on how to reach out regarding this issue. I attempted to email one of their contacts, but unfortunately, I haven’t received any response. Has anyone else faced challenges in locating SOC-1 reports? If so, did you find a reliable way to obtain them, or did you end up resorting to expanded testing?
One response
It sounds like you’re navigating a common challenge in the Audit process. Finding SOC-1 reports, especially for subservicers that have undergone changes, can indeed be tricky. Here are a few suggestions that might help in your quest:
Networking: If you have connections in the industry or any contacts who have worked with the acquired company, consider reaching out to them for leads on obtaining the SOC-1 report.
Professional Associations: Leverage groups like the AICPA or any industry-specific associations. They might have resources or contacts that can help you track down reports.
LinkedIn: Sometimes, reaching out directly to employees of the acquired company on LinkedIn can yield better results. Look for someone in compliance or internal Audit who might be familiar with their SOC-1 process.
Expand Your Search: If the company has multiple divisions or subsidiaries, check if the SOC-1 might be available under a different entity name, especially post-acquisition.
Documentation and Alternatives: If you can’t locate the SOC-1 report, make sure to document your efforts and consider other Audit procedures like expanded testing. It’s often better to have a contingency plan in place just in case.
Contact the Parent Company: Sometimes, the larger corporation will have a centralized compliance department or a specific person responsible for such requests. It might be worth reaching out to them directly.
Hopefully, one of these strategies works out for you, but if not, you’re not alone—many auditors face similar hurdles at some point! Good luck with your audit!