The stakes are high when it comes to choosing a lease accounting platform, because it directly affects the accuracy of your company’s financial reporting. Just about every firm working to implement the new lease accounting standards (FASB ASC 842 and IFRS 16) will be working with a new technology vendor to accomplish this project. How can you be sure you can trust what that vendor says about their own internal controls and practices, and how they will be handing your company’s financial information?
That’s exactly what Visual Lease’s SOC 1 Type 2 certification provides: proof (for both you and your independent auditors) that our internal controls are appropriately designed and properly executed to ensure safe and accurate processing of our clients’ financial transactions.
What does a SOC 1 Type 2 certification tell you?
Your lease accounting software vendor is a service organization that acts as an extension of your own company in the sense that they perform processing of your financial data, adding lease accounting journal entries to your GL and calculating lease assets and liabilities. That’s why your technology vendor’s controls and practices need to stand up to the same level of scrutiny that your own do.
Service Organization Control (SOC) assessments and reports, created by AICPA (American Institute of Certified Public Accountants) and performed and generated by an accredited audit firm, provide the assurance that a service organizations controls are properly designed to meet their stated control objectives at a specific point in time.
A SOC 1 report specifically addresses a service organization’s controls that relate to internal control of financial reporting. The Type 2 certification adds an assessment of the service organization’s execution of their own controls (whereas a Type 1 audit assesses only the design of controls). Auditors can come in at any point during or after the report’s specified time period to test and verify the service organization’s compliance with controls.
Because a SOC 1 Type 2 report covers a specific time period, it’s important to look for continuity of coverage over time. Chances are you will rely on your lease accounting technology for many years to come, so your auditors need to be satisfied that your chosen vendor continues to follow their stated controls and practices for the long term.
Visual Lease’s SOC 1 Type 2 certification services as assurance that your data is secure in our system and your lease accounting calculations are accurate.
Controls examined in Visual Lease’s SOC 1 Type 2 audit
Every SOC 1 audit is not the same; service organizations can have differences in their stated objectives and controls.
Visual Lease’s SOC 1 Type 2 audit covered data security, acceptable use of data, physical security of our offices, backup and recovery, and continuity planning. Our audit also went above and beyond policies and business practices to validate the most critical aspect of our service: our lease accounting calculations engine.
The following are the specific controls and business practices that auditors assessed and certified in Visual Lease’s SOC 1 Type 2 report.
- Organization administration. These controls provide reasonable assurance that individuals employed are qualified, experienced, and trained for the job functions they perform.
- Client onboarding and administration. These controls provide reasonable assurance that client and related lease data will be supported, authorized, accurate, and reliable.
- Lease calculations. These controls provide reasonable assurance that lease data will be processed completely and accurately.
- Governance and compliance. These controls provide reasonable assurance that risk identification and management, as well as relevant laws and regulations that impact operations, are identified, known, understood and implemented into business operations.
- Physical security. These controls provide reasonable assurance that physical access to the system is restricted to authorized personnel.
- Environmental controls. These controls provide reasonable assurance that the system is protected against fire and smoke and that temperature and humidity is maintained within predefined ranges.
- Logical access: These controls provide reasonable assurance that logical access to systems is restricted to authorized personnel and is based on job responsibilities.
- Vulnerability management. These controls provide reasonable assurance that the Visual Lease infrastructure is adequately secured from vulnerabilities.
- Backup and recovery. These controls provide reasonable assurance that appropriate backups of critical systems are made to enable recovery from an outage or data center failure.
- Change management. These controls provide reasonable assurance that changes are tested, approved, and documented prior to implementation.
- Website availability. These controls provide reasonable assurance that service levels are defined between Visual Lease and its clients and that application availability and the hosting environment are monitored.
- Third party providers. These controls provide reasonable assurance that third-party service providers are monitored.
About Visual Lease’s audit firm: Wipfli
Wipfli is a multi-discipline professional services firm with over 2,200 associates, 45 offices in the United States and two offices in India. Wipfli ranks among the top 20 accounting and business consulting firms in the nation. Wipfli is also a member of Allinial Global, an accounting firm association of legally independent accounting and consulting firms with offices in North America and throughout the world through international members and partnerships.
Wipfli has a solid reputation as industry experts and as a trusted business advisor to more than 60,000 clients. The firm serves businesses of various sizes, from large public and private companies, to closely held family-owned businesses.