Elizabeth led a team that collaborated with a SaaS company in the financial services sector to establish the framework for its System & Organization Controls (SOC) 1 Type 2 report (the SOC Report). This engagement aimed to create a robust set of key controls essential for demonstrating the operating effectiveness of controls that impacted the internal control over financial reporting and financial regulatory reporting of the company’s clients.

The approach involved conducting a comprehensive assessment of the companys internal control environment and providing remediation support to meet relevant standards. Elizabeth and her team worked closely with the companys teams to identify and document all key controls necessary for the SOC Report, focusing on controls related to the accuracy and completeness of financial data processing and information technology general controls.

Through collaborative working sessions and detailed analyses, they developed a comprehensive framework comprising the key controls that would form the basis of the SOC Report. These controls were designed to ensure the integrity and reliability of the outsourced services provided by the company, addressing areas critical for user organizations internal controls over financial reporting.

Additionally, Elizabeth provided remediation support where controls were not designed effectively. This involved identifying gaps or weaknesses in the control framework and working with the company to implement corrective measures, ensuring that the control environment met SOC reporting standards.

She also facilitated discussions and knowledge transfer sessions to ensure that the companys internal stakeholders were well equipped to understand and maintain the established control framework. This included providing guidance on ongoing monitoring and evaluation of control effectiveness over time.

Note: This work was performed prior to joining Stout.