Many organizations outsource business processes and obtain SSAE 18 Service Organization Control (SOC) 1 reports. Due to the COVID-19 pandemic, some of these SOC-1 reports may either be delayed in their issuance, as external auditors navigate the new remote working environment, or contain adverse opinions due to changes in controls at the service providers as a result of COVID-19.

Additionally, access to service organizations to obtain additional support for controls execution may be more challenging than normal. This article outlines a list of practical steps that companies can take to get ahead of this brewing issue.