Who Performs a SOC 2 Audit?
SOC 2 audits can only be conducted by a qualified CPA or an agency accredited by the American Institute of Certified Public Accountants (AICPA).
Choosing an auditor is one of the most crucial steps in the AICPA SOC 2 audit process, yet companies often overlook it.
An auditor should have clear experience conducting SOC audits and should be able to point to examples of reports they’ve generated in the past. Ideally, they should have experience working with your specific type of service organization.
Most service organizations conduct interviews with several auditors before hiring one.
Just remember that you’re not only selecting an auditor based on their qualifications — you’re also choosing a person that you’ll be working with for anywhere from a few weeks to a year.
The best SOC 2 auditors are your partners in the compliance process.
It's important to make sure your personalities and priorities are compatible.
Here are a few tips to help you select a SOC 2 auditor: