Originally published in Manufacturer, ARB’s Manufacturing Industry newsletter.
The pandemic revealed just how fragile global supply chains can be. In addition to contagious diseases, various factors outside a manufacturer’s control can disrupt its supply chain. Examples include natural disasters, military actions, geopolitical tensions, tariffs, trade restrictions, economic forces and cyberattacks. It’s critical for manufacturers to take steps to evaluate and manage supply chain risk and communicate these efforts to customers, investors, partners, regulators and other stakeholders.
A valuable tool for providing transparency and assurance about your supply chain risk-management practices is the System and Organization Controls (SOC) for Supply Chain, developed by the American Institute of Certified Public Accountants (AICPA). You can use an SOC for Supply Chain report to communicate relevant information about your company’s supply chain risk-management efforts and the processes and controls you’ve put in place to detect, prevent and respond to these risks. Because the report involves an independent assessment of supply chain risk, it can be used to build stakeholder trust and confidence and gain a competitive advantage.
What are SOC reports?
The AICPA developed SOC to provide manufacturers with a suite of reporting frameworks to demonstrate how they manage risk and protect customer data. SOC 1 focuses on controls over financial reporting. SOCs 2 and 3 focus on the trust services criteria (TSC). These reports help evaluate the effectiveness of controls relevant to the security, availability, processing integrity, confidentiality, and privacy of information systems and data.
There’s also an SOC for Cybersecurity, which examines the effectiveness of a manufacturer’s cybersecurity risk-management program. The SOC for Supply Chain was designed to provide assurance concerning the systems and controls manufacturers use to produce and deliver goods.
What does an SOC for Supply Chain report cover?
An SOC for Supply Chain report uses the AICPA’s description criteria and TSC to communicate information about a company’s production or distribution system and assess the effectiveness of its supply chain controls. Among other things, the report evaluates a manufacturer’s:
Friendshoring: A novel approach to fortifying your supply chain
For manufacturers, supply chain resilience is more important than ever. In recent years, the global trade environment has become more complex and uncertain due to pandemics, geopolitical tensions and wars — of both the military and trade varieties. In addition, the current administration is using tariffs and other incentives to pressure manufacturers to move their operations and supply chains to the United States. Unfortunately, “reshoring” a supply chain presents significant challenges, given the high labor costs and shortage of skilled labor domestically.
Another option to consider is “friendshoring.” This refers to relocating a manufacturer’s operations to a country that has a friendly relationship with the United States but offers lower costs and fewer potential supply chain disruptions. Although trade relationships even with historically friendly partners — such as Canada and Mexico — have been strained recently, diversifying operations among several relatively stable countries can potentially ease supply chain risks.
- Ability to meet volume, quality and delivery requirements under various conditions,
- Protections against physical and cyber risks,
- Compliance with contract terms, industry standards and applicable regulations, and
- Resilience planning efforts (such as alternative suppliers, backup systems and business continuity plans).
The report contains three components:
- Management’s description. This part contains management’s narrative describing the company’s production or distribution system and outlining its objectives, risks, and the processes and controls that address those risks.
- Management’s assertion. Here, management states whether the description is presented in accordance with the relevant criteria and whether the controls described provide reasonable assurances of achieving the company’s objectives based on the TSC.
- A CPA’s opinion. In this section, a CPA provides an opinion on the description and effectiveness of controls to achieve the organization’s objectives. The report also outlines any testing procedures the CPA conducted in formulating that opinion.
SOC reports are based on detailed audits by independent CPAs. So they provide stakeholders with an objective evaluation of a company’s supply chain risk-management efforts.
What about your suppliers?
An SOC for Supply Chain examination and report can help build confidence in your company’s risk-management efforts. It can also help mitigate the risks associated with your suppliers and other business partners. This is particularly important today, given the extent to which business partners’ information systems are interconnected. Failure to manage these risks effectively can result in operational disruptions, reputational damage, loss of intellectual property and legal costs.
Asking the companies you do business with to furnish SOC for Supply Chain reports can help assure you about their risk-management efforts. These reports provide an efficient mechanism for obtaining the necessary information to evaluate your supply chain partners’ risks.
Building certainty in uncertain times
In today’s uncertain times, it’s essential for manufacturers to demonstrate transparency, trust and accountability. An SOC for Supply Chain examination and report can provide a powerful, efficient framework for doing just that.
This publication is distributed with the understanding that the author, publisher and distributor are not rendering legal, accounting or other professional advice or opinions on specific facts or matters, and, accordingly, assume no liability whatsoever in connection with its use. ©2025
Manufacturing Team Spotlight
Robin Cyr joined ARB in 2010. She is a Tax Director specializing in providing comprehensive tax compliance and consulting services to corporate and individual clients. Robin primarily serves industry leaders in the manufacturing, construction, and nonprofit sectors. As both a CPA and a lawyer, she provides exemplary tax and consulting services related to estate and succession planning.
