Avoiding the Weak Link: SOC for Supply Chain

Date June 2, 2020
Authors Matthew Schiavone, CPA, CISSP, CISA

Advances in technology are rearranging the relationships between entities in supply chains. Entities that produce, manufacture or distribute products are more connected than ever with their suppliers, customers and business partners. There are advantages as well as disadvantages to this new way of conducting business.

The efficiencies introduced by technology have increased revenues, reduced costs and presented more opportunities, but technology has also introduced major risks to the entire supply chain. Accordingly, stakeholders – suppliers, customers, business partners – are considering these risks, and as a result, vetting their partners more diligently.

Routinely this is accomplished by requesting attestation reports on the entity’s system and the controls relevant to security, availability, processing integrity, confidentiality and privacy. Third-party, independent assurance is ideal. Such requests will likely soon become requirements.

In an effort to facilitate and provide a common set of criteria, the AICPA has developed guidance for a new examination-level service referred to as an SOC (system and organization controls) for Supply Chain examination.

An SOC for Supply Chain report provides information about the “system” used to produce, manufacture, or distribute products and the relevant “controls” within that system. The report is designed to provide users with information they need to identify, assess and manage the risks that arise from their relationships with the entity. Users include:

  • Business partners, such as customers or suppliers who need the information to manage and assess the risks associated with doing business with the entity
  • Business customers, including immediate customers or similar business entities further down the supply chain who may need to (a) integrate controls with the controls within their own systems, and (b) determine whether those controls are sufficient to mitigate their own business risks
  • Others, such as prospective customers and business partners who need the information to supplement their supplier selection processes or ensure the supplier’s compliance with regulatory requirements

As supply chains evolve and vendors and business partners are increasingly scrutinized, SOC for Supply Chain examinations will provide marketability, convey trust and distinguish organizations. A chain is only as strong as its weakest link.

HBK CPAs & Consultants has vast experience conducting SOC Attestation reports. We are poised to assist your organization in achieving success.

Speak to one of our professionals about your organizational needs

"*" indicates required fields

hbkcpa.com needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.