Accounting
SOC 2 reports reimagined: From burden to business enabler
Perception is a powerful force. Few challenges are greater than overcoming perceptions, especially those supported by historical realities, facts and cultural norms. However, in an era when the accounting profession is defined by change and technological evolution, our most significant opportunities lie in challenging those perceived beliefs. That is precisely what we should be doing with SOC reporting today.
System and Organization Control 2 reports have historically been viewed as slow and complicated engagements defined by frustration. The projects require extensive and detailed evidence collection and demand a high level of subjective judgment and customization, which are very different challenges from the financial statement audits many SOC professionals were raised performing. Approaching these engagements with spreadsheets and flash drives has also made the process very cumbersome and frustrating, solidifying the perception of SOC 2 reports as daunting and difficult.
Fortunately, an increasing number of organizations have continued to dredge through the process — the report’s value is immense, and it is often a requirement to conduct business. This provides a broad level of tolerance for flawed systems and acceptance that friction is core to completing a SOC 2 report or even viewed as a feature of a high-quality audit.
This perception — confusing, slow and frustrating with high quality — hinders innovation. It doesn’t result in simple acceptance of the status quo or fear of change but manifests as outright hostility towards ingenuity. If these audits are “supposed to be hard,” then any suggestion to make them easier is rejected.
And yet, in recent years, that has all begun to shift: There is real excitement and investment in SOC 2 services from innovators outside of public accounting. They are challenging every aspect of how these audits are conducted with broad positive and negative impacts that demand the evolution of the perspectives of auditors, clients and the industry as a whole. It’s time to change our outlook and embrace the advancements in performing SOC 2 audits to fully realize the incredible amount of value and competitive advantage the service can provide.
Legacy tools and processes
Financial statement audit processes, the foundation of most assurance practices, were created using a shared language between auditor and client. Most clients in that world have backgrounds as auditors and are supported by well-established financial terminology and systems. When an auditor asks for an “invoice” or “purchase order,” the CFO knows exactly what is being requested.
Such a luxury does not exist when working with the information security community, which has a diverse vocabulary with varying definitions, pronunciations, and an unlimited number of acronyms. Accountants have spent hundreds of years establishing translation guides and systems. If anything, the level of standardization in technology is astounding, but this is a new industry experiencing dramatic change. So, it makes sense that approaching SOC 2 services with the same tools and rhythms as a financial statement audit has not proven successful.
From a growing need, new tools emerge
In an effort to bridge that gap and provide automated control monitoring, governance, risk and compliance platforms have been created to help clients manage policies, access risk, control user access, and streamline compliance. Through the use of policy templates and checklists adopted by each client, these GRC platforms have created standardization, where there previously was none, and concentrated resources that make this service attainable for small companies.
In the same way that Apple brought the home computer into our living rooms, these tools are making SOC 2 reports mainstream.
GRC platforms are also capable of producing automated evidence, which attracts most of the attention and provides significant benefits. Yet the greater impact is the friction they’ve removed. This simpler and scaled approach to SOC 2 reports reduces the noise created by the back and forth between auditor and client while removing the poor organization so begrudgingly accepted, allowing the auditor to focus on providing value. That value can come from conducting a simple and straightforward, low-touch engagement or an in-depth and intense control inspection that identifies true vulnerabilities and significant risks to the business.
Regardless of the approach, the technology supporting these engagements continues to improve. Last year, the RegTech industry was valued at
The challenges attached to compliance shifts
This growth and evolution of SOC 2 compliance is not without consequences. As speed has increased and prices have dropped, there has been a growing resentment towards these new approaches, not all of which are unfounded. Concerns about overreliance on automated evidence, auditor relationships with GRC platforms, and subject matter expertise within an engagement team are very real challenges the profession must continue to address.
However, by ignoring and shunning the existence of these new tools in an effort to retain the engagement’s status as “hard,” auditors avoid any opportunity to create value that exists beyond the paperwork.
Identifying that value and educating the world on the need to blend these tools with the expertise and professionalism that has always accompanied these services is a critically important message right now. Without that shared understanding and positive messaging, we continue to struggle through the communication challenges we started with and drown in the noise.
Overcoming obstacles with the right message
SOC 2 audits are going to keep getting easier, faster, and cheaper. Emerging technology and growing demand have made SOC reporting a very competitive and fast-paced industry that will feel some bumps along the way, but the need this service fills will shape the profession.
And if the perception isn’t slow, frustrating, and resource-intensive — what should it be?
SOC 2 reports are really a storytelling mechanism. They allow companies to communicate the security practices they value and demonstrate they are deserving of trust. These details can then be exchanged with outside parties to support decision-making in ways that were not previously possible. Companies are now sharing the completion of these reports through trust pages on their websites and online marketplaces as a sales differentiator, which allows CPAs to impact businesses in new and exciting ways.
The value they provide internally can also not be ignored. Accountability and organizational alignment allow mature and growing businesses to thrive. These aspects of SOC 2 compliance have always been valued, but the new supporting tools have suddenly made the experience practical, which should be celebrated.
When viewed as a mechanism for sharing information and allowing the client to be the author, you not only offer validation but a new mechanism for them to understand their own needs. It serves to track, evaluate, and understand critical aspects of their business in the same way the accounting ledger helps them understand their financial position. Instead of being a challenge or roadblock to overcome, you position clients to thoughtfully understand, own and communicate the aspects of their security program, which can be embedded into the organization’s way of life.
A federal court in Texas has issued another preliminary injunction and stay halting enforcement of the Corporate Transparency Act and its beneficial ownership information reporting requirement, which were already on hold following a
The U.S. District Court for the Eastern District of Texas, Tyler Division, issued the preliminary injunction and nationwide stay yesterday. The same district court’s Sherman Division, had
The decision on Tuesday involved a case with a pair of plaintiffs, Samantha Smith and Robert Means, suing the U.S. Treasury Department. They had formed LLCs under Texas law to hold real property in the state. In an
“The Corporate Transparency Act is unprecedented in its breadth and expands federal power beyond constitutional limits,” he wrote. “It mandates the disclosure of personal information from millions of private entities while intruding on an area of traditional state concern.”
He noted that the LLCs do not buy, sell or trade goods or services in interstate commerce or own any interstate or foreign assets.
The CTA passed as part of the National Defense Authorization Act in 2021 and requires businesses to disclose their true owners as a way to deter shell companies from carrying out illicit activities such as money laundering, terrorist financing, human trafficking and tax fraud. Businesses are required to file beneficiai ownership information reports with the Treasury Department’s Financial Crimes Enforcement Network. FinCEN has since
The Texas Public Policy Foundation is representing the two property owners challenging the CTA, arguing that the law violates federal Commerce Clause powers under the Constitution and undermines the principles of limited government and individual liberty.
“The court’s decision affirms the principle that federal government power is not unlimited,” said TPPF general counsel Robert Henneke in a statement Wednesday. “This ruling is a powerful reminder that our Constitution limits federal power to protect individual rights and economic freedom.”
“The government’s theory of power in this case was effectively unlimited,” said Chance Weldon, director of the Center for the American Future at TPPF, in a statement. “The district court’s opinion is not only a win for our clients, but ordinary Americans everywhere.”
The Financial Accounting Foundation today formally opened the search for several leadership roles.
The FAF Board of Trustees’ Appointments Committee is seeking nominations for these positions, which include chair and members of the Board of Trustees, the FAF’s executive director, Financial Accounting Standards Board member, and chair of the Financial Accounting Standards Advisory Council.
FAF executive director
Current FAF executive director John Auchincloss announced in December 2024 that he will
The executive director leads a team of 45 who provide support services to the FASB and the Governmental Accounting Standards Board, including communications and public affairs, legal, IT, human resources, publishing, financial management and administration. The role supports the FAF Trustees, who ultimately oversee the FASB and GASB Boards and their advisory councils. The executive director, in collaboration with the FAF chair, also sets the organization’s U.S. and international outreach strategies.
A full description of the FAF executive director role can be found
FAF Board of Trustees chair
The chair of the FAF Trustees is involved in all major Trustee decisions related to strategy, appointments, oversight and governance, and in representing the organization with high-level stakeholders and regulators.
The new chair will be appointed for a three-year term beginning Jan. 1, 2026, through Dec. 31, 2028, and can stand for reappointment to a second three-year term beginning in 2029.
A full description of the FAF Board chair role can be found
FAF Board of Trustees at-large member
The FAF Board of Trustees oversees and supports the FASB and the GASB, and exercises general oversight of the organization except regarding technical decisions related to standard setting.
The FAF is recruiting several “at-large” trustees — individuals with business, investment, capital markets, accounting, and business academia, financial, government, regulatory, investor advocate, or other experience.
A full description of the FAF trustee role can be found
FASB member
FASB members develop financial reporting standards that result in useful information for investors and other financial-statement users. The FASB member roles are full time and based in Norwalk, Connecticut.
“These are senior and prestigious appointments, demanding not only a high degree of technical accounting expertise but also a high level of understanding of the global financial reporting environment,” the FAF announcement reads.
The official start date for the position would be July 1, 2026, but the newly appointment member would be expected to start some time earlier than year to ensure a successful transition. The five-year term extends through June 30, 2031, at which time the member would be eligible to be considered for reappointment.
A full description of the FASB member role can be found
FASAC chair
The chair is the principal officer of the FASAC and advises the FASB on projects on the FASB’s agenda, possible new agenda items and priorities, procedural matters that may require the attention of the FASB, and other matters. The chair is responsible for guiding discussion at FASAC meetings and for implementing and directing the broad operating processes of the FASAC.
The chair may be appointed for up to a four-year term, or a shorter period of time as agreed upon, and may be eligible for reappointment.
A full description of the FASAC chair role can be found
Courtesy of the FAF, FASB and GASB
Top 10 Firm Grant Thornton announced that its CEO, Seth Siegel, is stepping down from his position after 30 years with the firm, though will still remain involved as a senior advisor.
“I have called Grant Thornton home for almost three decades and am proud to have been part of this amazing team and organization, which has solidified its standing as the destination of choice for clients and talent alike,” said Siegel in the firm’s
The new CEO will be Jim Peko, current chief operating officer of Grant Thornton Advisors LLC.
“I thank Seth for all he has done to help transform Grant Thornton so adeptly for the future. He has been a colleague, mentor and friend to so many of us, and a tireless advocate for the firm’s best interests. As CEO, my priorities will focus on accelerating our current business strategy and solidifying our standing in the marketplace as a unique global platform, driven by quality, culture and differentiated capabilities. We will continue to be the employer of choice for the industry and always capitalize on compelling opportunities before us as we drive meaningful growth,” said Peko.
Siegel expressed his confidence in Peko, saying he has worked closely with him for many years.
“Jim and I have worked closely together for many years, and he is the right leader for this new chapter — one who knows Grant Thornton well and has been integral to our many recent accomplishments and our quality-focused delivery,” he said.
Siegel became a partner in 2006, became managing partner of South Florida in 2020, and
The announcement comes shortly after the
Grant Thornton
Los Angeles against the flames
Texas court halts Corporate Transparency Act in another lawsuit
FAF seeks nominations for leadership, advisory roles
New 2023 K-1 instructions stir the CAMT pot for partnerships and corporations
The Essential Practice of Bank and Credit Card Statement Reconciliation
Are American progressives making themselves sad?
-
Economics1 week agoHomelessness rises to a record level in America
-
Personal Finance1 week agoAs ETF assets top $10 trillion for first time, here are trends to watch
-
Personal Finance1 week agoHere’s how to decide on the right student loan repayment plan for you
-
Personal Finance6 days agoHow to rebalance your portfolio after lofty stock returns in 2024
-
Finance7 days agoKen Griffin’s flagship hedge fund at Citadel climbs 15.1% in 2024
-
Personal Finance1 week agoHere are steps you can take to avoid overspending next holiday season
-
Accounting5 days agoDepreciation of Assets and Key Strategies for Accurate Valuation
-
Economics7 days agoJimmy Carter reshaped his home town