I’m working with our internal compliance group on vendor risk documentation and had a question regarding the latest SOC materials.
The SOC 2 Type II Report for FY26 lists Ernst & Young (E&Y) as the service auditor, but the bridge letter covering the gap period appears to be issued by Schellman.
Our compliance team is asking whether:
This reflects a transition between auditors, and
If there is (or will be) a bridge letter issued by the same auditor as the SOC report (E&Y), or guidance confirming that the Schellman bridge letter should be relied upon together with the E&Y report.
They’re specifically looking for confirmation because their policy prefers continuity between the SOC report auditor and the bridge letter issuer.
The SOC2 Type II audit is performed by a different independent auditor annually which could indicate the transition from E&Y to Schellman meaning that:
Your audit was performed by E&Y for the fiscal year you have requested the audit for.
The fiscal year ended and the there was a transition to a different auditor for the specific report type.
You have received a bridge letter from the new auditor.
Therefore, the Schellman bridge letter is the correct and official document to be used in conjunction with the E&Y SOC 2 Type II report . There will not be a separate bridge letter issued by E&Y for the following period/fiscal year.