SOC Readiness

Evolving market demand has driven the need for third-party assurance over the past 25 years. In response to the demand the AICPA issues reporting frameworks to develop a consistent, profession-wide approach to performing attestation engagements related to the following:

  • SOC 1 (internal controls over financial reporting)
  • SOC 2 (internal controls relating to security, availability, processing integrity, confidentiality, and privacy)
  • SOC for Cybersecurity (cybersecurity risk management program)
SOC Readiness Assessment

JC Jones Approach to SOC Readiness

SOC 1, SOC 2, and SOC for Cybersecurity consists of the following key phases and tasks

Phase 1: Develop Expectations and Planning

We utilize a co-development of expectations phase to design the most effective approach, to gain an understanding of your environment, and to set expectations.

Phase 2: Perform Preliminary Assessment (Year 1 only as needed) – Understand Key Processes and System Design

We perform a preliminary assessment of the design of controls specified in the scope to evaluate the “current status” of the system, and communicate results (control deficiencies requiring remediation and corresponding recommendations) to Management.

Phase 3: Perform Examination – Evaluate System Design and effectiveness

Using our understanding obtained in the first two stages, we perform an examination and gather support for our opinion. We validate that appropriate processes and controls support the evaluation criteria and that there is reasonable assurance that controls are designed and operating effectively. Specifically, during this stage we:

  • Perform walk-throughs of controls
  • Evaluate the design and operating effectiveness (as needed) of the controls

Phase 4:  Report Results

In this stage, we complete:

  • The final SOC report
  • Management letters summarizing any concerns or deficiencies identified in the control environment and our recommendations for enhancement of controls

Internal Audit, Risk and Compliance: Areas of Expertise

Sarbanes-Oxley Compliance BigSOX Compliance
SOC Readiness BigSOC Readiness
Internal Audit Quality Review
IT General Controls BigIT General Controls
Enterprise Risk Management BigEnterprise Risk Management
internal audit vector artInternal Audit Outsourcing
SOX Compliance

The JC Jones top-down, risk based approach to Sarbanes-Oxley (SOX) compliance, coupled with our automated software solution, has a proven track record of providing substantial savings in compliance costs.

Learn More
SOC Readiness

JC Jones provides System and Organization Controls (SOC) reporting focused on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.

Learn More
Internal Audit Quality Review

JC Jones provides Quality Assurance Reviews (QAR) in accordance with IIA Standards while leveraging our 20+ years of internal audit experience to assess the image and credibility of your department.

Learn More
IT General Controls

Risk based focus on information systems and technology is core to our strategy. Our professionals are trained in computer aided audit techniques (CAAT) such as ACL and Microsoft Access.

Learn More
Enterprise Risk Management

JC Jones offers Risk Management services to ensure an entity comprehensively and systematically incorporates risk evaluation as part of developing and executing its strategy.

Learn More
Internal Audit Outsourcing

JC Jones is a full service internal audit outsource partner, including data analytics, fraud/forensic audits, cybersecurity assessments, SOX compliance, internal control testing and operational audit. Our client list ranges from large privately held companies to IPO registrants to multi-billion and multinational public companies.

Learn More

Designed and developed by