SOC 2 Can Be Relied on in Financial Statement Audits


UPDATE:  The guidance has been taken down.  Follow the link here...  Let's see what happens next.

This is big news!  The AICPA said the following in guidance released today:


This means that those service organizations who were left scratching their heads when their publicly traded customers told them that they would need a SOC 1 report that covers physical security because their external auditors had told them that they would get a significant deficiency on their financial statement audit otherwise, even though their SOC 2 covers physical security in more depth can breathe a sigh of relief.