Peer Review Service Organization Control (SOC) Specialist

A specialist who meets the criteria established by the AICPA may be approved to assist peer review teams to review SOC 1, 2, or 3 engagements. When a specialist is used, the team captain, as always, is responsible for supervising and conducting the review, communicating the review team’s findings to the reviewed firm and administering entity, preparing the report on the review, and ensuring that peer review documentation is complete and submitted to the administering entity on a timely basis. The team captain should supervise and review the work performed by the specialist. The team captain will furnish instructions to the specialist regarding the manner in which materials and other notes relating to the review are to be accumulated to facilitate summarization of the review team’s findings and conclusions. The specialist may be required to be available or participate in the exit conference. The qualifications of SOC 1 or 2 specialists are as follows:

An individual serving as a SOC specialist on a peer review must be recommended as a specialist by a CPA who is a member of the AICPA in good standing and is associated with a firm that has received a report with a peer review rating of pass for its most recent System Review that was accepted timely, ordinarily within the last three years and six months. An individual serving as a specialist should, at a minimum,:

· Be currently active in public practice at a supervisory level for managing SOC 1 and/or SOC 2 examinations. To be considered currently active, a specialist should be presently involved in the SOC practice of a firm supervising one or more of the firm’s SOC engagements.

· Be associated with a firm (or all firms if associated with more than one firm) that has received a report with a peer review rating of pass[1] for its most recent System Review that was accepted timely, ordinarily within the last three years and six months.[2]

· Not be associated with an engagement that was deemed not performed or reported on in accordance with professional standards in all material respects on the specialist’s firm’s most recently accepted peer review.

· Possess current knowledge of professional standards applicable to SOC 1 and/or SOC 2 examinations, including Type 1 and Type 2 reports, qualified and unqualified reports, carve in/carve out engagements, and engagements with and without relevant user entity controls.

· Have at least five years of recent experience in the practice of public accounting with a minimum of 500 hours of SAS 70/SOC 1 and/or SysTrust/SOC 2 examinations.

· Have provided the administering entity with information that accurately reflects the qualifications of the specialist, which is updated on a timely basis.

To become an approved specialist, the specialist candidate should provide the Peer Review Program SOC Specialist Form to the AICPA at prptechnical@aicpa.org or an administering entity. The form is required to be signed by a CPA for recommendation as a specialist.

If you are looking for a SOC 1 or 2 Specialist who has been approved by the Peer Review Board Oversight Task Force, please see the SOC Specialist Contact List.

If you have any questions, please contact the AICPA Peer Review technical hotline at (919) 402-4502 or at prptechnical@aicpa.org.

[1] A peer review report with a rating of pass was previously referred to as an unmodified report (with or without a letter of comments). If a firm’s most recent peer review rating was a pass with deficiencies or fail, the firm’s members are not eligible to perform peer reviews.
[2] If a firm’s most recent review was a report review, then the firm’s members are not eligible to perform peer reviews.

A A A

Print Page

Get a free version of Adobe Acrobat Reader