SOC Reporting


Third-party attestation audits including System and Organization Controls (SOC) are integral to proving the presence of sound internal controls practices. We’ve learned in our practice that these audits require a mix of experienced professionals to perform a comprehensive audit that meets professional standards. Wolf’s financial, operational, information security, and technology experts analyze your business from the ground up to ensure you provide the most suitable report for your customer’s needs.

The use of each report varies based on the product or service provided to customers:


Evaluates the internal controls over financial reporting to provide assurance to customers related to their financial statement audits.


Evaluates internal controls pertaining to the criteria within the security, availability, processing integrity, confidentiality, and/or privacy principles.


Covers the same criteria as a SOC 2 report, but is intended for widespread public distribution and includes an official seal of certification.

Compliance Attestation Reports

Evaluates a company’s compliance to a specific regulation and provides an opinion regarding compliance to noted regulatory requirement(s) to customers.

Agreed Upon Procedure (AUP) Reports

Under the new Statement on Standards for Attestation Engagement (SSAE) 19, companies are able to define a set of controls to be evaluated. AUP reports can be useful to provide customers with assurance regarding controls that do not fit or may select specific elements from one or more of the above reports.

Clients We Serve


  • SOC 1 or ISAE 3402 (Type 1, Type 2)
  • SOC 2 (Type 1, Type 2)
  • SOC 3 (Type 2)
  • SOC Readiness Review
  • Compliance Attestation
  • Agreed Upon Procedures

Michael E. Kanarellis

Principal & Director of Business Development

[email protected]

(617) 428-5408