About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services
Consulting Services
Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Environmental, Social and Governance Services ERP & Enterprise Software Advisory Fraud & Forensics IT Audit, Third-Party Risk & SOC Examinations Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Gaming Healthcare Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Insights & Events

At RubinBrown, we provide valuable insights detailing emerging trends and industry-specific information. Our events, hosted virtually and in-person, keep you informed and connected to the topics and industries that matter most to you and your organization.

View All Insights & Events

RubinBrown Combines with The Rybar Group to Expand Healthcare Consulting

RubinBrown LLP, is joining forces with The Rybar Group. John F. Herber, Jr., CPA, CGMA, Chairman - RubinBrown, Steven Harris, CPA, CGMA, Managing Partner - RubinBrown, and Richard Reid - President and CEO, The Rybar Group jointly made the announcement.

Learn More

Understanding the Changes in PCI DSS v4.0.1: Key Updates You Need to Know

Are you impacted by the PCI DSS v4.0.1 updates? The changes are minor, but need to be reviewed regardless of merchant or service provider level.

Learn More

IRS Provides Final Rules on Inherited Retirement Account RMDs

The SECURE Act of 2019 brought big changes to the retirement world, including the taxation of inherited retirement accounts.

Learn More

RubinBrown Sports Betting Index: July 2024 Analysis

For July, increases in handle continued as 30 of 32 eligible states saw increases in July ’24 handle versus July ’23.

Learn More

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to IT Audit, Third-Party Risk, & SOC Examinations

Third-Party Risk & SOC Examinations

At RubinBrown, our team of professionals understand the value that System and Organization Controls (SOC) reports bring to both service organizations and user entities in today's marketplace to reduce third-party risk.

Third-Party Risk & SOC Examinations

At RubinBrown, our team of professionals understand the value that System and Organization Controls (SOC) reports bring to both service organizations and user entities in today's marketplace to reduce third-party risk.

It is becoming increasingly commonplace for businesses to outsource aspects of their operations to a trusted third party.

Our team is experienced in helping service organizations navigate control objectives of SOC 1® and/or the trust services criteria of SOC 2® examinations and we are driven to help service organizations "audit once and report many" to help relieve audit fatigue. The graphic below depicts the three main phases of the RubinBrown SOC examination project lifecycle. 

soc-img.jpg

RubinBrown is here to help you navigate the nuaces of SOC reporting.

Ways RubinBrown can help:

  • Collaborate with your team, while working remotely.
  • Evaluate the various SOC report types and help you select which report best suits your needs as a growing service organization and the needs of your customers.
  • Explain the time and resource commitments required to obtain one of the SOC reports noted below.
  • Provide a hands on risk assessment process, lead by an experienced member of our SOC team, to help you understand the requirements of each control objective and/or trust services criteria and what that means for your business.
  • Reduce the ongoing audit burden through establishing open communication, clear expectations, and transparent project tracking tools.
  • Cost and time efficiencies as a result of working with a team who works on SOC examinations day in and day out.
  • A customized way to link your organization's business to relevant control activities.
  • A quality deliverable that your organization will be proud to present to customers and/or prospects.

The variety of SOC reports offerings available to service organizations include:
 

  • SOC 1® — SOC for Service Organizations, ICFR: These reports are specifically designed to address controls at the service organization that are relevant to the user entities’ financial statements. They enable user auditors to perform risk assessment procedures and obtain audit evidence about whether controls at the service organization are operating effectively. Use of these reports is restricted to management of the service organization, user entities and user auditors.
  • SOC 2® — SOC for Service Organizations, Trust Services Criteria: These reports address controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information these systems process. They provide a level of detail sufficient to address the user’s vendor risk management needs and are restricted to specified parties with sufficient knowledge and understanding of the service organization’s system and the nature of services it provides. Use of these reports generally is restricted to service organization management, user entities of the system, business partners, CPAs providing services to user entities and business partners and regulators.
  • SOC 3® — SOC for Service Organizations, Trust Services Criteria for General Use Report: Like SOC 2®, these reports address controls relevant to security, availability, processing integrity, confidential and privacy. However, they do not provide the same level of detail. Therefore, they are considered general use reports and can be freely distributed.

The following SOC reports are available to entities beyond just service organizations:

SOC for Cybersecurity: These examinations provide an independent, entity-wide assessment of an organization’s cybersecurity risk management program.  Using this report, organizations can communicate pertinent information regarding their cybersecurity risk-management efforts.  In addition, the report can be used to educate stakeholders about the systems, process and controls the organization has in place to detect, prevent and respond to breaches.

SOC for Supply Chain: These examinations report on controls over a manufacturing, production or distribution system and communicate to stakeholders relevant information about the entity’s supply chain risk-management efforts, processes, and controls in place to detect, prevent and respond to supply chain risks.

  • You’ve been asked to provide a client (or future client) a report on your controls / security.
  • A client requires a SOC 1®, SOC 2® or other SOC report.
  • A future client is requiring an independent assessment related to the Cloud Control Matrix, HITRUST, ISO 27001, NIST 800-53 or another regulation or framework and you would like to report under one framework.
  • Your security team is spending too much time filling out security questionnaires.
  • Your compliance office, finance, legal or internal control/security groups are spending too much time filling out control questionnaires.

RubinBrown's Audrey Katcher has over 25 years of IT audit and service organization control experience. She currently serves on various AICPA SOC and technology working groups and task forces. Audrey's participation on these key AICPA committees provides clients the most current perspective the profession has on the new SOC standards and audit guidelines.

RubinBrown's Rob Rudloff has more than 25 years of information security experience on security reviews, mitigation, strategy and architecture development. Rob is a Certified Information Systems Security Professional, Information Systems Security Management Professional, Certified Cloud Security Professional and a Project Management Professional.

RubinBrown's Christine Figge has over 20 years of public accounting and consulting experience. Christine offers a unique perspective to the SOC process since she has used the reports as an auditor, assisted management in developing their description and controls identification, and performed the attestation services related to issuing SOC reports for clients.

RubinBrown professionals maintain a current working knowledge of the new standards and are ready to help your organization. RubinBrown is an experienced team who has led and performed many SOC engagements.

Contact Us

Back to IT Audit & Risk Services Third Party Risk & SOC Examination Services

Audrey Katcher, CPA, CISA, CITP, CGMA Partner audrey.katcher@rubinbrown.com 314-290-3420

Insights & Events

View All Insights & Events
Insight Article

Enhancing Cloud Security: Integrating Risk Management, IT Audit/Compliance (including SOC 2), and AI for Optimal Protection

Read This Article
Insight Article

RubinBrown Sports Betting Index: August 2024 Analysis

Read This Article
Insight Article

Navigating the VDA Process: What to Expect After Submitting Your Request to the Medicare Administrative Contractor (MAC)

Read This Article

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2024 RubinBrown LLP
ABACUS Recruiting RubinBrown Advisors RubinBrown Corporate Finance