What is an SSAE 18 (SOC 1) Type II Audit Report?

by Sarah Harvey / October 6th, 2016

Harvest Strategy Group, Inc. recently completed its 5th annual SSAE 18 SOC I Type II audit in order to reinforce its industry leadership position in regulatory compliance through an extensive evaluation and audit of the internal controls and processes of its vendors and recovery partners.

Headquartered in Denver, Colorado, Harvest Strategy Group, Inc. provides comprehensive accounts receivables management services to a variety of creditors, including banks, auto finance lenders, credit unions, debt purchasers, and medical debt managers, by managing debt recovery on behalf of their clients. Harvest began their first SOC 1 Type II audit in June, 2012.

Why Pursue an SSAE 18 (SOC 1) Type II Audit?

David Ravin, Harvest’s CEO, recognized the opportunity in the accounts receivable management space to not only adapt to the regulatory environment, but to also create an enhanced framework in which creditors could have unquestionable confidence. “Our early commitment to obtaining the SSAE 18 Type II certification was key in positioning ourselves as a means to not only support our clients in terms of our services, but to provide the strictest controls in the market.  We recognized our highest duty is to uphold the integrity of our clients’ brands, and the certification is a critical piece of that commitment.”

Since Harvest’s inception in 1999, they have been able to stay ahead of the curve in the evolving world of regulations by offering services to their clients that are built around CFPB compliance standards as well as other federal and state regulations.  It’s not uncommon for many companies to lack the resources and bandwidth necessary to build the infrastructure needed to become and remain compliant. Since Harvest has built their business model around defect-free compliance, and have continued to pursue third-party validation, their clients can fully rely on them to provide industry leading compliance and oversight, relieving the resources, stress and cost of insourcing.

“Harvest Strategy Group’s Management approached their SOC 1 engagement as an exercise to have the effectiveness of their existing controls stress-tested and evaluated, as well as identify areas for improvement in their practices to control risks. This positions Harvest with a significant competitive advantage in soliciting new, and maintaining current, clients,” said Britt Wilson, CISA for KirkpatrickPrice, who performed the SOC 1 Type II audit engagement for Harvest.

What is an SSAE 18 (SOC 1) Type II Audit?

A SOC 1 Type II audit is an engagement that evaluates, tests, and reports on the effectiveness of internal controls at a service organization. KirkpatrickPrice performed Harvest’s SOC 1 Type II audit and appropriate testing of their controls that may have an impact on their clients’ financial statements, regulatory risk and reputation. In agreement with SSAE 18 (Statement on Standards for Attestation Engagements), Harvest’s SOC 1 Type II audit report includes a description of their controls as well as detailed testing of their controls over a 12-month period.

KirkpatrickPrice performed a thorough audit of Harvest’s policies and procedures against their documented policies and procedures in order to attest to the fact that their Compliance Management System and the services they provide to their clients are high quality, secure, and efficient.

“Harvest Strategy Group has obtained SOC 1 Type II reports for several years and have translated these engagements into opportunities to have a certified independent third party ensure their control of risks,” commented Britt Wilson, CISA, on Harvest’s recent compliance attestation.

How has a SOC 1 Type II Compliance Audit Benefited Harvest?

Pursuing and completing their fifth SOC 1 Type II audit has set Harvest Strategy Group apart from their competition as they have matured their environment through constant review of their documentation and process management. Choosing to be proactive with compliance, rather than reactive, has given Harvest the competitive advantage they need to be an industry leader in accounts receivables management. Harvest Strategy Group is always looking for opportunities for continuous improvement by constantly evaluating and updating their Compliance Management System as their business continues to grow.

Learn more about recognized industry leader Harvest Strategy Group, here. If you’re interested in learning more about how you can benefit from completing an audit, contact KirkpatrickPrice.

More SOC 1 Resources

Most Common SOC 1 Gaps

What is a SOC 1 Report?

The Difference Between a SOC 1 Type I and a SOC 1 Type II