SOC 2 Type 1 Report For a Major Data Analytics Organisation

With increased demand from customers for transparency around internal controls, an assurance report is becoming a critical component of an organisation's trusted relationship with its customers, and it supports the organisation's ability to retain customers and attract new ones. The client therefore expressed a desire to undertake a controls rationalisation review against a SOC 2 framework.


The challenge:

The client, which works with some of the biggest grocery retailers and CPG companies around the world, is subject to audit and other regulatory requirements. The need for assurance reports grew with increasing demand from customers, and such reports became a prerequisite for being a trusted partner that delivers value.


The solution:

A Big Four company was initially engaged to work with the client to perform a gap assessment against the SOC 2 standard and then to provide 173 key controls. We worked alongside all parts of the business to carry out audits of controls and evidence, participated in reviews, ensured compliance actions were carried out and recommended improvements to address the weaknesses identified. We also performed a controls rationalisation review to reduce the initial 173 key controls to a realistic set of key management controls (around 60) that meet the SOC 2 criteria, and drafted control activity wordings relevant to SOC 2 standards.


The outcome:

The assurance report is now used to reduce customer audits and ensures that business processes are running effectively within the bounds of SOC 2 requirements, which in turn will help retain trust. As part of the review, we helped management to standardise processes, remove redundant controls and mitigate the risks faced in delivering third-party assurance to customers.