Request for Help with SOC-1 Reports
I’m currently in search of a specific SOC-1 report for an ongoing 403(b) Audit. While I have the SOC-1s for the primary company, many of the relevant control objectives are managed by a subservice that has its own SOC-1 report. This subservice was recently acquired by a larger entity, but their website provides minimal information on how to reach out regarding this issue. I attempted to contact one of their representatives via email, but haven’t received a reply.
Has anyone faced challenges in locating SOC-1 reports? If so, did you find an effective way to track them down, or did you end up opting for expanded testing instead? Any insights would be appreciated!
One response
It sounds like you’re facing a common issue in the Audit world, especially when it comes to obtaining SOC-1 reports for subservice organizations. Here are a few approaches you might consider to track down the SOC-1 report you’re after:
Contact the Main Company: Since you already have the SOC-1s for the main company, they might be able to assist you in obtaining the SOC-1 for the subservice organization. Ask if they have a point of contact or can facilitate the request.
Leverage Professional Networks: Sometimes reaching out through professional associations or networks can yield better results. Consider posting in forums where auditors congregate, such as LinkedIn groups focused on auditing and compliance.
Directly Approach the New Parent Company: If the subservice organization has been acquired, try reaching out directly to the new parent company. Even if their website isn’t helpful, try to find specific contacts in their compliance or Audit departments, either through LinkedIn or other professional resources.
Check with Peer Organizations: If you know other organizations that use the same subservice, reach out to them. They might have successfully obtained the report and could share how they did it.
Expanded Testing: If all else fails, you might indeed need to consider expanding your testing as a substitute for the SOC-1 report. Document your efforts to obtain the report as part of your Audit trail to demonstrate due diligence.
Good luck with your search! It’s definitely challenging, but hopefully, these strategies will help you get closer to locating the report you need.