Healthcare solutions organization
Pharma & Life Sciences
Risk and controls
controls reviewed early to give leaders clearer insight ahead of fieldwork
risks resolved to reduce surprises in the audit process
unqualified SOC reports, boosting confidence across stakeholders
A proactive approach to control design sharpens risk management to solidify stakeholder trust
A Fortune 500 healthcare solutions organization uncovered an important trust gap after its SOC service provider identified numerous control deficiencies—issues its prior service auditors missed—resulting in qualified reports and heightened scrutiny. Leadership was clear-eyed about the reality: fixing the issue would mean bringing in an independent voice from outside the existing audit relationship. The transition to a new auditor would be difficult, and it needed to happen fast. The Board reinforced that urgency, giving management one year to resolve the qualifications. The deadline created a clear, burning need.
To deliver unqualified reports and reduce risk, the organization needed a strategic advisor who could go deeper—an advisor that could offer healthcare industry and security implementation insights, proven experience with SOC reporting and managing large portfolios of SOC reports, and the technical expertise to help reframe its strategy and approach. That’s when leadership turned to PwC.
PwC worked with the company to understand how systems operated across departments and geographies. Our teams evaluated more than 1,400 controls—under pressure and ahead of schedule. We also advised senior leadership on building a more strategic oversight model—from monitoring the health of the control environment to using executive status reporting to surface issues earlier. We helped industry leaders align SOC reporting changes with broader business and customer priorities, giving them a clearer view of what mattered more.
Together, the team strengthened and redesigned over 250 controls to meet customer requirements for handling and managing sensitive and financial data. We didn’t just test and update controls. We also coached the client so they could lead tough conversations, close out open issues, and build productive relationships with their new service auditor. PwC translated complex SOC requirements into practical, business-ready solutions grounded in a deep understanding of both the reporting landscape and the company’s risk profile.
PwC focused on using technology to amplify what was already working well. We brought customizable tools tailored to the client’s systems and risk areas, including accelerators to map service criteria to controls, dashboards that tracked remediation progress, and digital playbooks for implementing controls.
But tools were just the beginning. The real value came from how the tools were applied—by experienced practitioners who understood not just the tech but the business behind it. We combined industry knowledge, audit fluency, and intelligent automation to help build a more agile, resilient control environment.
Unqualified SOC 1 and SOC 2 reports—on time and without surprises. In addition, we helped eliminate more than 200 SOC-related risks before the auditor could flag them. Just as important, the company’s internal teams emerged with a clearer understanding of their control environment and greater confidence in managing it.
We worked with leadership to develop a strategic staffing model—giving them a view of the roles, skills, and team size needed to support the SOC function on an ongoing basis. This helped the company manage costs more effectively and confirmed the SOC program could tie its value to the broader strategic direction of the business. By shifting from a reactive mindset to a proactive readiness approach, we built a foundation for sustained trust with auditors, stakeholders—and future customers.