System and Organization Controls (SOC) reports are pervasive in the service organization arena. Understanding the various reports and how they are used is critical both for organizations providing client services that might benefit from obtaining a SOC report and for the clients and prospective clients that may rely on the report as a component of their due diligence. This session will provide an overview of SOC reporting, the value proposition of such reports to organizations, the multitude of reporting options, and the intended use cases of each type of report.
The AICPA selected Scott to write and present the first-ever Education Program for "Reporting on an Entity’s Cybersecurity Risk Management Program and Controls" to cybersecurity professionals obtaining SOC for Cybersecurity certification. This program is the first of its kind, and as the author and presenter, Scott is one of the first in the U.S. to become certified. With 20+ years of experience, Scott is a Senior Manager within Withum’s SOC Services practice. His expertise lies within internal control assessments, risk assessments, SOC reporting (SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity), SOX 404, and internal audit co-sourcing.