WithumSmith+Brown SOC Team Authors and Presents Inaugural AICPA SOC for Cybersecurity Certification

When the AICPA hosted its flagship System and Organization Controls (SOC) for Cybersecurity Certification course this past week, members of Princeton, N.J.-based WithumSmith+Brown’s (FY17 net revenue of $175.4 million) SOC for Cybersecurity Services Group served as lead instructors for the curriculum. This first-of-its-kind program also was authored by the professionals from the advisory, tax and audit firm. In total, seven Withum professionals also are among the first CPAs nationwide to earn the AICPA’s SOC for Cybersecurity digital badge.

A market-driven, flexible and voluntary reporting framework, SOC helps organizations communicate their cybersecurity risk management program initiatives as well as the effectiveness of their controls.

Withum’s certified SOC for Cybersecurity team members include Tony Chapman, partner and SOC practice leader; Anurag Sharma, principal; Scott Mahoney, senior manager; Jim Bourke, partner, director of advisory practice; Stephanie Fitzgerald, SOC senior manager; Anupam Goradia, SOC senior manager; and Andrea Fernandez, SOC staff auditor. These certifications have earned Withum the distinction of having more AICPA-authorized SOC specialists to perform peer reviews on SOC engagements than any other CPA firm nationwide.

“As a leader in SOC and cybersecurity and information security services, Withum has once again distinguished itself – this time as it relates to the new cybersecurity risk management reporting framework,” says Chapman. “Our firm is among the first and has the highest concentration of fully designated SOC professionals authorized to provide peer reviews.”

The AICPA has retained Withum to write, present live and record on-demand viewings of the first SOC for Cybersecurity Certificate training course for SOC professionals. Three of Withum’s professionals, Chapman, Sharma and Mahoney, served as course authors and presenters. The AICPA-sponsored course offers an overview of the cyberthreat landscape and terminology, various SOC services, components of a cybersecurity risk management program, utilization of criteria to assess an entity’s controls, key steps for performing the cyber risk-management examination and factors to consider while forming the opinion and preparing the practitioner’s report.

SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to report on their cybersecurity management programs to internal and external stakeholders with credibility. For clients whose cybersecurity risk management programs are mature, an independent third-party firm can perform a comprehensive examination to assess cybersecurity risk management programs.