SOC for Supply Chain

Internal and external forces such as globalization, global interconnectivity, automation, and other technological advancements are making today’s supply chains highly sophisticated and complex. For entities that produce, manufacture or distribute products, there’s often a high level of interdependence and connectivity between them and their suppliers and their customers and business partners. These relationships are considered part of the supply chain.

Although the interconnectedness of these organizations can be beneficial (increased revenues, expanded market opportunities, and cost reduction), the ability of such organizations to meet their goals is often increasingly dependent on events, processes, and controls that are not visible and are often beyond their control.  Every time an organization does business with a supplier or service provider, new risks are introduced into the supply chain. These risks may threaten an organization’s ability to meet commitments made to customers and business partners and other goals,  such as:

  • Providing products that meet the principal product performance specifications
  • Meeting delivery and quality commitments and other requirements
  • Meeting production, manufacturing, or distribution commitments and requirements

To help these organizations,  and their customers and business partners, identify, assess, and address supply chain risks, the AICPA has developed a solution to foster greater transparency in the supply chain —a market-driven, flexible, and voluntary reporting framework.  This resource helps organizations communicate certain information about the supply chain risk management efforts and assess the effectiveness of system controls that mitigate those risks. 

Guides and Relevant Criteria for SOC for Supply Chain