Service Organization Controls (SSAE 18)

Client Issue

SOC cs.jpg

The Company offered equipment financing. This business required the Company to work with some of the largest financial institutions. In order to effectively finance each transaction, the Company require the necessary financial support from an array of financial institutions – banks, investors, hedge funds, etc., of which the vast majority are substantially regulated.

The inability to ensure the financial institutions that the Company had the appropriate internal controls and was operating effectively prevented the company from engagements with numerous regulated financial institutions and required the Company to pay more for its capital.

The client’s objective of the SOC reports was to be able to provide the financial institutions (their strategic business partners / “vendors”) with the ability to mitigate the risks of transacting with the Company and, more importantly, provide the financial institutions with evidence that the Company was effectively operating. Obviously, the SOC engagement required addressing data security.

Without successfully obtaining an unqualified opinion on a set of SOC reports – the Company was not able to transaction with certain financial institutions, thereby, significantly curtailing its growth potential in numerous markets. The SOC reports are viewed as the “Good Housekeeping Seal of Approval.”

How Lakelet Helped 

Lakelet Advisory Group has experience in addressing this very issue with financing leasing companies. Knowing that the SOC compliance was a prerequisite for the Company’s ability to leverage its capital and to obtain said capital at a more cost effective rate (the interest), Lakelet conducted the SOC 2 Type I, then the Type II engagements within six month. Recall that the first year of the SOC engagements allows the Company to have the Type II prepared after only six months. Even during the gap period between the Type I and II reports, the strategic partners were provided the Type I report with notification that the Company will be seeking the Type II within a six month window. Without exception, this approach was acceptable to all parties involved.

Together with the Company and Strategic Partners, Lakelet was able to analyze and reconcile the “Vendor’s” requests and incorporate relevant Trust Services principles to build a custom report.


The Company utilized this engagement to reengineering its process and systems. Therefore, the results not only provided the Company with SOC reports – but with a better systems / process generating operating effectiveness. In addition, the Company was able to increase its credit rating thereby reducing its cost of capital.

These results were achieved due to both the Company’s commitment to the process and Lakelet’s experience which includes:

SOC certification.jpg
  • Lakelet is at the forefront of SSAE 18 engagements and its predecessor SSAE 16;
  • Lakelet has obtained the “Advanced SOC for Service Organizations Certificate” as recognized by the AICPA;
  • Over 40 years of auditing high risk engagements;
  • Certified in Financial Forensics (CFF) and Certified Information Technology Professional (CITP);
  • Lakelet’s partner in SOC engagements, Meliora, specializes in revolutionized continuous improvement systems / processes; and
  • The audit process is extremely complex and requires expertise in an array of unique area beyond accounting / financial – these include, but are not limited to, industry knowledge, SSAE 18 experience, technology, and risk management.
Looking for Strategic Partners and Capital? Lakelet Capital LLC >>