SOC Reporting & COVID-19: How Have Your Risks Changed?
Articles by: Richey May, May 13, 2020
COVID-19 has impacted every part of business and life in a short space of time, including SOC Reporting. Your risks and control environment has likely changed greatly, just as your methods for serving your customers have likely also adapted (temporarily or permanently).
Business leaders may have security concerns and wonder what actions they can take to help protect their business during this time and as we return to normal.
Work with your Auditor to understand how your COVID-19 Strategy may affect your control environment.
Your auditor should be a partner you can rely on to help you understand the implications of the changes you’ve made to continue your business during the pandemic. How many of your controls rely on physical presence in the office? How well documented are the temporary procedures to work around this? Can your organization complete a SOC Audit right now (and if not, can your timeline be extended)? These are all questions your auditor can help you answer.
Decide how to monitor your existing controls.
Remotely monitoring your controls is possible, but may require some tools you don’t currently possess. How are you reviewing document signing? How are you monitoring or storing approvals? How are you adapting to personnel changes that have integral roles in certain control processes?
Evaluate your Business Continuity Plan.
You’ve probably done this in terms of dealing with supply chain, remote work and customer service. However, it’s now time to look ahead to potential relaxing of COVID-19 restrictions, a second wave or extended remote work. You will want to consider many scenarios over the next 12 months, and again your auditor should be a valuable resource to help you look ahead and make a plan.
As the pandemic continues on, business leaders face challenges making decisions that may affect their business for many years to come. Talk to us about how we can help you understand your risks, build control systems and complete SOC Reporting to minimize them as much as possible, so you can focus on key operations and keeping your team safe.