• More than Just Numbers
    Growth. Ideas. Solutions.

Houdyshell & Associates

We are a boutique niche SOC firm based out of Kansas City, MO. We offer SOC 1 and consulting services for small to medium sized businesses nationwide. We are veterans in the SOC service arena, affordable, experienced, and friendly.

Information at Your Fingertips


Please call us at (816) 516-2873 today - we'll be happy to offer you a free consultation. Thanks for visiting!

Get To know Us

Get To Know Us

Our team has been helping clients with their SOC needs for years.

Get Informed

Get Informed

Our monthly newsletter provides timely articles to help you achieve your financial goals.

Get Help

Get Help

We offer SOC 1 services to small to medium sized businesses.

Contact Us

Contact Us

Get in touch with us at info@houdyshellcpa.com or call us at (816) 516-2873.

Learn About Houdyshell & Associates


If you are looking for a blend of personal service and expertise, you have come to the right place! We offer SOC 1 services for small to medium sized businesses. We are experienced and friendly. Please contact us for a free consultation.

Days until April 17



FAQs

SOC is an acronym used by the American Institute of Certified Public Accountants (AICPA) for Service and Organization Controls.

Report on Controls at a Service Organization Relevant to User Entities' Internal Control over Financial Reporting (ICFR) - also referred to as an SOC 1

These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities' financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities' financial statements.

A definition of a service organization is a company that processes or performs certain services or procedures on the behalf of another company. Examples of service organizations are payroll processing companies, medical claims processors, credit processing organizations, application service providers (ASPs), trust companies and accounts receivable or payable outsourcing companies.

There are two levels of service for a SOC 1 (formerly SSAE 16 and SAS 70) examination. A Type I service auditor's report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of system that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type II service auditor's report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the testing period.

A SOC 1 (formerly SSAE 16 and SAS 70) examination offers many potential benefits to service organizations. While it is easy to list the benefits you will receive from going through the SOC 1 (formerly SSAE 16 and SAS 70) examination - it is difficult to assign a dollar value to them. However, as our clients can attest to - they feel the SOC 1 (formerly SSAE 16 and SAS 70) examination was very beneficial and the cost was not a factor once the project was completed.

The following are just a few examples of the benefits that our clients have experienced:

A SOC 1 report allows the business owners or management to have a sense of security and pride that their controls are adequate and follow best practices.
A SOC 1 report allows a company to provide their clients with an independent third party review of their internal controls.
A SOC 1 report may allow new sources of revenue by moving up market.
A SOC 1 examination often provides a company with a competitive advantage over its competitors.
A SOC 1 report is often accepted by interested parties such as clients, clients’ auditors and regulatory agencies, as a substitute for sending in their own auditors.
Normally, our SOC 1 project results in numerous operational and internal control enhancement opportunities.

Even if you have audited financial statements - if you process data for others – there is a strong likelihood that you will need a SOC 1 (formerly SSAE 16 and SAS 70) examination. On the other hand - if you don't have audited financial statements - and you are a service organization - you still need a SOC 1 (formerly SSAE 16 and SAS 70) examination. The SOC 1 (formerly SSAE 16 and SAS 70) examination process does not cover your internal financial statements or the procedures related to your internal accounting process.

NO - It is not necessary to have a national or large CPA firm perform your SOC 1 (formerly SSAE 16 and SAS 70) examination. The AICPA, as well as the PCAOB, only requires that the CPA firm possess the necessary competence to perform a SOC 1 (formerly SSAE 16 and SAS 70) examination, adhere to standard independence requirements for independent external auditors and be reputable.

HA works with service organizations throughout the United States, which provides evidence that a national or large CPA firm is not required to perform a SOC 1 (formerly SSAE 16 and SAS 70) examination. A SOC 1 (formerly SSAE 16 and SAS 70) examination performed by a qualified CPA firm is as reliable as any other. National or large CPA firms have well known names, but that name recognition does not equate to the quality of personnel performing your SOC 1 (formerly SSAE 16 and SAS 70) examination. Decision makers need to focus on the experience and expertise of the project team and not just the name of the firm. An emphasis should also be placed on the fees associated with the experience and expertise of the audit team. Don't fall for the low fee offers either, usually this ends up costing you and your personnel more time and resources as well as an inferior product or experience.

It is important to recognize that although most CPA firms could perform a SOC 1 (formerly SSAE 16 and SAS 70) examination, at typically lower fees, it is not advisable to utilize a firm that does not have extensive experience. Due diligence and thought should be undertaken to ensure that the firm and especially the personnel that perform the audit, have the appropriate level of SOC experience and expertise. This will enhance your SOC 1 experience and help avoid the common issues associated with having an inexperienced audit firm or personnel, perform the SOC 1 (formerly SSAE 16 and SAS 70) examination.

The time investment related to a SOC 1 can vary significantly. The factors that should be considered by a service organization are described below.

Type of Engagement - A Type I SOC 1 examination is much less involved than a Type II audit. The testing procedures related to a Type II examination, as well as the difference in review period, cause the examination to require significantly more fieldwork than a Type I examination of the same service organization.

Client Involvement - Client involvement can be the most significant factor in the time investment related to a SSAE 16/SOC. Clients that designate a point person for managing the collection of documents should see reduced time requirements from their auditors.

Overall, however, our clients feel that due to our teamwork approach – their investment is not near as invasive as their peers may have experienced. If this is your first SOC 1 - it will be more time encompassing due to the drafting of the description of system - but HA provides you with examples and templates to assist you in that process. With HA - you are not alone in the process - but receive a coach and teammate to help you in preparing for the examination. We have developed checklists and templates to help you understand the process and identify your controls as well as walk you through the process to eliminate headaches and heartburn.

Normally, whether you have a Type I or Type II audit performed it is not more than once a year. In the case of a Type I, companies usually have only one examination performed per year. These companies typically present the report to their user organizations as the annual Type I review and often refer to it by the year in which the audit was performed (i.e., 2017 SOC examination or 2017 Type I SOC examination).

In the case of a Type II examination, companies usually have only one examination performed in a twelve month period. Most companies have an examination performed that has a review period that ends in the third or fourth quarter of the calendar year. The most common periods for SOC (formerly SSAE 16 and SAS 70) examinations are six, nine or twelve months. Six months is the minimum suggested period according to AICPA guidance, however, your clients and their auditors will most generally request a twelve month coverage period without any gaps.

Featured Articles

Contact Us


Central To Everywhere!

Kansas City, MO SOC Firm | Home Page | Houdyshell & Associates

We welcome you to contact us anytime.

At Houdyshell & Associates, we have the knowledge and experience to assist you in your SOC needs. If you need help managing any aspect of your internal controls, we want to hear from you.

Please fill out this form and let us know how we can be of service. We will happily offer you a free consultation to determine how we can best serve you.