SOC 2 Type II FY26 Auditor vs. Bridge Letter Auditor Mismatch

Get Help
,
1

Hello,

I’m working with our internal compliance group on vendor risk documentation and had a question regarding the latest SOC materials.

The SOC 2 Type II Report for FY26 lists Ernst & Young (E&Y) as the service auditor, but the bridge letter covering the gap period appears to be issued by Schellman.

Our compliance team is asking whether:

  • This reflects a transition between auditors, and
  • If there is (or will be) a bridge letter issued by the same auditor as the SOC report (E&Y), or guidance confirming that the Schellman bridge letter should be relied upon together with the E&Y report.

They’re specifically looking for confirmation because their policy prefers continuity between the SOC report auditor and the bridge letter issuer.

Thanks in advance for any guidance.

3

Hi @kpryce

The SOC2 Type II audit is performed by a different independent auditor annually which could indicate the transition from E&Y to Schellman meaning that:

  • Your audit was performed by E&Y for the fiscal year you have requested the audit for.
  • The fiscal year ended and the there was a transition to a different auditor for the specific report type.
  • You have received a bridge letter from the new auditor.

Therefore, the Schellman bridge letter is the correct and official document to be used in conjunction with the E&Y SOC 2 Type II report . There will not be a separate bridge letter issued by E&Y for the following period/fiscal year.

If you have any other questions, let me know!

Kind Regards,
Nik