ByteChek Assurance is an independently owned and registered CPA firm and is able to deliver SOC reports under AICPA standards. ByteChek Assurance participates in the AICPA peer review program. We offer quality service on various AICPA engagements, including:
- SOC 1
- SOC 2
- SOC 3
- SOC for Cybersecurity
- SOC for Supply Chain
- Agreed-Upon Procedures
Why ByteChek Assurance is Different
One of the most frustrating aspects of SOC 2 reporting is having to use outside CPA firms for the reporting function. At ByteChek, we’re all part of the same team that helps make the assessment process suck less. Because ByteChek Assurance is a registered CPA firm, and its testers are trained and proficient on the ByteChek SaaS Assessment Platform, the testing and reporting process is seamless once you are ready for your SOC examination. ByteChek saves you the hassle of having to engage a separate outside CPA firm to issue your reports.
ByteChek Assurance Leadership
When you work with ByteChek Assurance for attestations and examinations, you benefit from our years of training and expertise.
Shonda Knowles-Elliott is a ByteChek Assurance, LLC Reporting Partner, focusing on SOC 2 readiness and audit reports. Shonda works with audit engagement teams to help navigate our clients’ interpretation and application of the AICPA SOC 2 standards. Before ByteChek Assurance, she worked as a manager in PricewaterhouseCoopers’ (PwC) assurance practice. While there, Shonda provided oversight on implementing the new revenue recognition standard, the EU’s General Data Protection Regulation (GDPR), and she acted as support on complex accounting matters. Shonda earned a Bachelor of Science in Accounting from Florida A&M University, and she attended Florida Atlantic University to earn a Master of Science in Accounting. She is a licensed Certified Public Accountant (CPA) in Florida and a member of the American Institute of Certified Public Accounts (AICPA), National Association of Black Accountants, and Florida Institute of Certified Public Accountants.
Frequently Asked Questions
I read that the most important part of SOC 2 is the pre-audit phase, is that true?
Don’t get us wrong. Pre-audit is important. But collecting evidence and remediating gaps is just the beginning. The reporting process with your independent CPA firm is just as important – possibly more important. Our experience in this industry taught us how important reporting is, which is why our affiliate and independently owned CPA firm, ByteChek Assurance exists. The ByteChek Assurance team can perform your SOC 2 examination seamlessly and efficiently utilizing the ByteChek SaaS Assessment platform eliminating the back and forth with auditors that don’t understand the compliance automation tool you’re using.
How much time and effort in a SOC 2 does ByteChek eliminate?
We’ve performed hundreds of SOC 2 examinations. This experience helped us identify about 42 common controls that our platform helps automate and streamline. To put that number into context, we’ve found that a SOC 2 Examination that includes Security, Availability & Confidentiality in-scope has around 60 controls (this number is an average, your total number of controls will vary).
So ByteChek (on average) helps save you time and effort on about 70% of your controls.
What does the industry say about CPA firms working with SaaS platforms like ByteChek?
In short, they’re OK with it. The industry calls this relationship “the use of an IT specialist.” Formal language states that “The auditor should evaluate whether the auditor’s specialist has the necessary competence, capabilities, and objectivity for the auditor’s purposes. In the case of an auditor’s external specialist, the evaluation of objectivity should include inquiry regarding interests and relationships that may create a threat to the objectivity of the auditor’s specialist. (AU-C 620.09).”
Is a SOC 2 confidential?
Because of the sensitive nature of the SOC 2 report and intended users of the report, a SOC 2 report is considered a restricted use report and should only be provided to readers under a non-disclosure agreement or other confidentiality agreements. In the event, your company needs or wants a report that is for general use, they can opt to undergo a SOC 3 examination.