Fortune 500 Company with 100+ SOC Reports

Project details

Services performed
SOC 1 Type 2; SOC 2 Type 2; ISAE 3402; ASAE 3402; SOC Readiness Assessments, Limited Access Death Master File examination, HITRUST consulting, and International Regulatory Compliance

Annual hours expended on the engagement
Approximately 20,000 hours

Percentage breakdown by level
Partner/Managing Director: 5%
Senior Manager/Director: 5%
Manager: 20%
Senior Associate: 25%
Associate: 45%

Off-shore and/or landed resources utilized?
The following Grant Thornton International (GTI) Member Firms were employed to perform a sub-set of reports:

• Germany, Australia, Switzerland, and the United Kingdom

The percentage of GTI hours was approximately 10% of the total portfolio.
Additionally, the GT Service Center (GTSSC) in India assisted in performing work. The percentage of GTSSC hours was approximately 20% of the total portfolio.
Description of work One current client is a Fortune 500 technology company specializing in serving the needs of financial institutions and financial services organizations throughout the world. The organization currently processes 10 billion financial trade records each hour, resulting in $9 trillion in money moving through its network annually. The client currently undertakes more than 100 SOC 1 and SOC 2 reports covering their US and international operations. Additionally, Grant Thornton performs various examinations, regulatory compliance and consulting projects for this client. With a portfolio of reports of this size and with each having a unique market focus, the client was very focused on realizing synergies across their portfolio of reports and minimizing potential redundancies.

The outcome Grant Thornton LLP (GT) was selected in 2016 to replace the existing SOC providers, a combination of Big Four and regional firms, with a mandate to drive further synergies, improve quality, and reduce costs. When GT was originally awarded the work in 2016, the portfolio consisted of 50 reports, but an acquisition more than doubled the number of reports within the first year. By the end of 2016, GT issued 114 SOC reports. In 2017, GT issued 107 reports, and the same is currently expected in 2018. To accommodate such a large reporting portfolio while keeping consistent with report content and deliverables, GT established a centralized Project Management Office (PMO), which identified key individuals on both the GT and client teams, and met on a regular basis to discuss many topics throughout the year. One of the benefits of the centralized PMO was to identify testing redundancies that may exist within multiple reports. Once identified, GT instituted a “test once, apply many” approach that drove further efficiencies. Through the robust PMO, consistent execution methodology across all engagement teams, and bringing the right resources to bear, we have saved our client over $500,000 per year, issued their reports months earlier than the previous providers, and received very favorable feedback from the business units involved.