SOC and SSAE 18 Reporting: Practical Tips and Strategies Explored

William Holman leads the service industry audit practice of Assure with over a decade public accounting and industry experience. Prior to joining Assure, he worked for a Florida-based SOC provider where he was involved in all aspects of the engagements and was able to institutionalize a process for completing engagements efficiently while also exceeding client expectations. Previously, William also spent 4 years in the Transaction Advisory Services Group and Audit Group of a large regional CPA firm. He received his Bachelor of Science in Business Administration from the University of Tennessee. He is a licensed Certified Public Accountant in North Carolina and a Certified Information Technology Professional.

Steve brings a real energy to client engagements. Trusted for both his technical and business savvy, he continuously seeks ways to improve and grow, including learning about new ideas and techniques that may help clients achieve greater success. Steve remains dedicated to working beyond what is expected without being asked, communicating early and often, and treating clients and colleagues with respect.

With more than 30 years as a CPA, including national firm experience, Steve is one of the firm’s technical resources for the application and implementation of audit and attest requirements, as well as the proper presentation of GAAP financial statement disclosures. He also has deep expertise in the area of SOC 1 and SOC 2 reports. In addition to not-for-profit entities, Steve works with clients in a variety of industries, including manufacturing and distribution.

Shabbir has a decade of experience providing cross-functional services to clients, including SOC reporting, financial and IT assurance and advisory, risk management, SOX 404 compliance and forensic accounting for multiple mid-sized to large companies. Shabbir performs and leads System and Organization Controls (SOC) audits, including readiness assessments, gap analysis, documentation of process narratives, testing and remediation of business and IT controls, and preparation and issuance of reports. He also has substantial experience in advisory services including managing several internal audit outsourcing/co-sourcing projects through developing and executing financial and IT risk assessments, and assessing IT general, application and cybersecurity processes and controls to determine if controls are suitably designed and operating effectively relative to the clients’ size, complexity and risk appetite.