Frazier & Deeter

About Frazier & Deeter

Frazier & Deeter is a Top 50 US accounting firm founded in 1981 and led by Managing Partner & CEO Jeremy Jones. With 600–1,000 professionals across 14 offices in three countries, FD delivers the compliance depth of a large firm without Big Four pricing. Backed by a strategic growth investment from General Atlantic (April 2025) — with PSP Capital Partners and Aksia also participating — the firm is actively investing in M&A, talent, and technology.

Already executing on that growth: FD acquired Arch + Tower (consulting/CX, 2020) and Rosen, Sapperstein & Friedlander (Mid-Atlantic CPA firm, Nov 2025). Ranked #41 by INSIDE Public Accounting (2025) and #44 on Accounting Today’s Top 100.

The SOC Curriculum Advantage

FD’s SOC National Practice Leader, Shelby Nelson, has authored and instructed the AICPA’s official 2-day SOC for Service Organizations School since 2020. This makes FD one of the only firms in the country where the person who literally wrote the AICPA’s SOC curriculum is leading client engagements — not just teaching it.

FD holds AICPA SOC Specialized Service Provider status, with dual-standard reporting under both AICPA Attestation Standards and ISAEs for seamless international client coverage.

The Deepest HITRUST Bench in the Country

Andrew Hicks, Partner and National HITRUST Practice Leader, came to FD from Coalfire where he built their national HITRUST practice. At FD he has:

• Managed hundreds of HITRUST engagements
• Served on multiple HITRUST Assessor, Quality, and Third-Party Risk Management Councils
• Led FD’s HITRUST practice to cover the full CSF — r2, i1, and e1 validated assessments

For organizations pursuing HITRUST certification, there are very few firms with this depth of dedicated bench strength.

Consolidated Compliance: The FD Signature Approach

FD’s Process, Risk & Governance (PRG) practice covers the full compliance stack under one roof:

• SOC 1 / SOC 2 / SOC 3 attestation
• IT audit and internal audit
• SOX
• HIPAA
• PCI DSS
• CMMC and FedRAMP
• vCISO services

This breadth enables FD’s signature consolidated approach: merging overlapping controls from SOC 2, PCI, HIPAA, and HITRUST into a single evidence-collection cycle. A published case study demonstrates this for a global payments technology company — cutting costs and eliminating audit fatigue entirely.

For companies facing multi-standard audit burdens, this isn’t just efficiency — it’s a fundamentally different compliance model.

Who Should Choose Frazier & Deeter

Best Fit For:

• FinTech and payments companies managing overlapping SOC 2 + PCI + HIPAA + HITRUST requirements under one engagement team
• Government contractors requiring CMMC and FedRAMP readiness alongside SOC 2
• Healthcare and higher-education organizations pursuing HITRUST certification
• Companies with international operations needing seamless dual AICPA/ISAE reporting
• PE-backed growth companies that want a firm investing aggressively in scale, talent, and technology
• Middle-market companies that need Big Four-caliber depth without Big Four pricing

Not Ideal For:

• Early-stage startups needing only a basic SOC 2 Type I at the lowest possible cost
• Companies wanting Big Four brand name for IPO or investor optics
• Organizations with no multi-framework compliance needs (FD’s consolidation advantage won’t apply)

Market Position & Recognition

Rankings & Awards:

• Ranked #41 — INSIDE Public Accounting Top 100 (2025)
• Ranked #44 — Accounting Today’s Top 100 Firms
• Named to USA TODAY’s America’s Most Recommended Tax & Accounting Firms 2026
• Top 50 US firm for five consecutive years
• Best of the Best, Best Firm to Work For, Best Firm for Women in Leadership, Top Firm for Equity Leadership

Financial Backing:

• General Atlantic (lead investor, April 2025)
• PSP Capital Partners and Aksia also participating
• Actively pursuing M&A to expand service lines and geography

Pricing & Timeline

Estimated Pricing:

• SOC 2 Type I: $18,000 – $45,000
• SOC 2 Type II: $28,000 – $75,000
• Multi-framework bundles (SOC 2 + PCI + HITRUST): pricing reflects consolidated scope efficiencies

Timeline:

• Type I: 4–8 weeks from kickoff to report delivery
• Type II Observation Period: 3–12 months (client choice)
• Report Delivery: 4–6 weeks post-fieldwork
• Total Type II: 4–14 months depending on observation window

Partner-led engagements with dedicated teams and direct partner access throughout the audit lifecycle. 63 partners across the firm ensures senior-level attention even for mid-market clients.

Bottom Line

Frazier & Deeter represents compliance depth at scale without Big Four pricing. For companies navigating overlapping frameworks — particularly SOC 2 + HITRUST, SOC 2 + PCI, or CMMC + FedRAMP combinations — FD’s consolidated model and genuine bench strength in both SOC and HITRUST is hard to match.

The combination of Shelby Nelson (the person who wrote the AICPA’s SOC curriculum) and Andrew Hicks (hundreds of HITRUST engagements, multiple HITRUST councils) gives FD a credentialed depth in its two core practices that most mid-tier firms simply don’t have. Add General Atlantic’s backing and active acquisition strategy, and this is a firm investing meaningfully in its future — not coasting.

If your compliance roadmap includes multiple frameworks and you want senior-level attention without paying Big Four rates, Frazier & Deeter’s combination of expertise, scale, and consolidated approach is genuinely differentiated.