SOC 2 Academy: Who is Monitoring Internal Controls?

by Joseph Kirkpatrick / December 16, 2022

Establishing methods of effective monitoring is a critical component of SOC 2 compliance. During a SOC 2 audit, an auditor will not only assess whether or not an organization is effectively monitoring their internal controls but also whether or not the proper person is monitoring those internal controls. Why is that? It comes down to the need for checks and balances, so let’s discuss. Monitoring Internal Controls When deciding who…

Read More

SOC 2 Academy: Evaluations of Internal Control

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 4.1 When a service organization undergoes a SOC 2 audit, auditors will look to validate that they comply with the common criteria listed in the 2017 SOC 2 Trust Services Criteria. Common criteria 4.1 (CC4.1) states, “The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.” Why is it so important that organizations effectively perform evaluations…

Read More

SOC 2 Academy: Who Should Make Updates To Your Risk Assessment?

by Joseph Kirkpatrick / December 16, 2022

The Importance of Teamwork During a Risk Assessment During a SOC 2 audit, an auditor will assess an organization’s risk assessment processes. This includes not only assessing how the organization assesses risk, but the people involved in the risk assessment process as well. Auditors will want to see that the organization has a process in place regarding who should make updates to the risk assessment. Why is that? One of…

Read More