Get to know Peter Yien, CPA, CA, CISA, CRISC, LPA, CPA (Illinois – Inactive)
Peter Yien is a Business Consultant and Partner with MNP’s Enterprise Services group in the Greater Toronto Area. Peter brings three decades of experience through a combination of public accounting and executive experience in industry. He is focused on helping clients with IT governance, IT policies and related controls and service and organization (SOC) needs.
Learn why Peter works with or audits clients with these needs in this Q&A.
What inspired you to focus on SOC auditing and consulting needs?
Audit is thought by many to be a necessary evil, but my view is that an SOC audit provides the clarity and transparency for my clients to build trust with their clients through effective governance, policies and controls. My passion is to provide a service that is value added and to help my clients acquire new customers and retain existing customers through our SOC readiness assessment and SOC audit. As a bonus, the integrated IT governance, IT controls and operational controls work aligns with my interests and passion.
A SOC 1 report is focused on controls that meet the financial report needs of my clients. A SOC 2 report is focused on the operation controls and is aligned with the COSO Framework and five trust services criteria of security, availability, processing integrity, confidentiality and privacy.
Without a SOC report, my clients may miss the opportunity to bid on new business, maintain an existing client, or need to complete multiple client security surveys. As well, with the proliferation of companies going digital, the SOC report meets the needs for companies that require an audit of their IT controls and operational controls.
We help clients by conducting SOC readiness assessment reviews and report gaps for remediation prior to the actual SOC audit. After our clients address any gaps, MNP can proceed to conduct the SOC audit.
What are the key challenges for organizations needing to meet the SOC audit requirements?
Quite often, my clients must complete a SOC audit to qualify for new client work and / or renew an existing contract. They often face intense time pressures to get themselves ready for the audit and for MNP to complete the audit as soon as possible. Sometimes, not having a ‘clean’ SOC 2 audit opinion (or not having a SOC audit report at all) may disqualify them from bidding, resulting in competitive disadvantages, from hindering the acquisition of new business to losing an existing client.
What are your learnings in helping clients with meeting their SOC audit requirements?
After 30 years of experience, I can say there are three key takeaways:
- It is important to start early and give yourself enough time to get ready. Otherwise, the audit would be a waste of time and resources.
- Conducting a SOC readiness assessment first is a leading practice and will allow the timely remediation of gaps prior to the actual audit.
- Having qualified and experienced auditors will reduce audit fatigue, effort and delays. This is even more pronounced in your first SOC audit.
What does the future of SOC audit look like?
The SOC audit standards have been jointly developed by Chartered Professional Accountants Canada and the American Institute of Certified Professional Accountants in the U.S. The exponential growth in cloud and related services, and the digitization of businesses have resulted in unprecedented growth in companies needing to comply with the SOC 1 and / or SOC 2 standards.
Furthermore, many organizations are now requiring an SOC 1 and / or SOC 2 audit report with a clean opinion for their vendors to start or continue to do business with them.
I believe that SOC audits will continue to add value to an organization by enabling it to demonstrate compliance to a well-accepted standard, as well as facilitate acquiring new or retaining existing clients. Most importantly, many of my clients have seen their processes mature, resulting in operational efficiencies under an SOC audit regime, while enhancing trust from their customers.
To get to know Peter Yien, CPA, CA, CISA, CRISC, LPA, CPA (Illinois – Inactive) even better, contact him at [email protected].