McKonly & Asbury
- Licensed CPA firm — can issue (sign) a SOC 2 report
- AICPA peer review: Pass · 2024-01-01 to 2024-12-31 · View AICPA record →
McKonly & Asbury is a national SOC 2 audit firm in Pennsylvania, USA that charges $50K–$150K for Type II audits with 8–16 week fieldwork-to-report timelines. Founded in 1973, they hold 3 accreditations and specialize in SaaS, Cloud Services, Data Centers, and 5 more. Their pricing is above average compared to the national average of $39.7K–$103.5K.
Free. Anonymous until you pick.
How Much Does McKonly & Asbury Charge for SOC 2?
Estimated Type 1 and Type 2 ranges, placed against the broader national peer set. Numbers are directional; final pricing depends on scope, Trust Services Criteria, evidence quality, and observation period.
- Type I Cost
- $35K–$100K
- Type II Cost
- $50K–$150K
- Timeline
- 8–16 wk
- Team Size
- 500-2000+
- Report Delivery
- Remote
- Response Time
- High - takes time to ensure preparedness, works closely during and after audit
Type II Pricing Position
Note: Pricing shown is estimated based on typical engagements. Use our SOC 2 cost calculator for a personalized estimate.
Timeline: The 8–16 week figure is the audit fieldwork-to-report window once evidence is ready, not the full engagement. A SOC 2 Type II also requires an observation period, typically 3–12 months depending on scope, before that window begins.
How this directory works: we are an independent directory. Firms can pay a flat fee for labeled placement on our lists; we take no cut of audit fees, and payment never changes a firm's rating or who we match a buyer with. How we make money →
- Pricing context
- 0%
- Timeline context
- 14%
- Certifications
- 3
of National firms charge more for Type II.
of National firms have longer minimum timelines.
listed certifications. Tier average: 2.
Compare McKonly & Asbury with Similar National Firms
Side-by-side pricing, timeline, and certification counts for the closest-priced peers in the national tier.
| McKonly & Asbury | Thoropass Sponsored | Forvis Mazars UK | PYA | Sikich | UHY | |
|---|---|---|---|---|---|---|
| Type II Cost | $50K–$150K | $12K–$30K | $50K–$150K | $50K–$150K | $50K–$150K | $50K–$150K |
| Type I Cost | $35K–$100K | $8K–$15K | $30K–$100K | $35K–$100K | $30K–$100K | $30K–$100K |
| Timeline | 8–16 wk | 2–6 wk | 10–24 wk | 26–52 wk | 10–24 wk | 10–24 wk |
| Team Size | 500-2000+ | 200–250 | 3400–3600 | 500–2000 | 2000–2400 | 1700–2100 |
| Certifications | 3 | 8 | 1 | 1 | 2 | 2 |
| Founded | 1973 | 2019 | 1998 | 1983 | 1982 | 1986 |
This comparison may include sponsored firms, marked above — only where they're a relevant alternative. How we choose
McKonly & Asbury Industry Fit
For buyers in SaaS and Cloud Services, McKonly & Asbury fits the national profile when timeline (8–16 weeks) and Type II pricing ($50K–$150K) align with what national firms typically deliver. Their 3 active accreditations, including ISACA, TCCP, extend that fit beyond pure SOC 2 into adjacent compliance frameworks.
Who Should Hire McKonly & Asbury?
SaaS providers, cloud service platforms, data hosting companies, healthcare organizations, and internationally-based companies operating in the US
What Makes McKonly & Asbury Different?
Extensive HIPAA expertise, nationwide presence with remote delivery, emphasis on client preparation and collaboration throughout audit process
Is McKonly & Asbury Right for You?
- You're an enterprise needing a comprehensive, large-scope audit
- You're in healthcare and need HIPAA-aware auditors
- You're a SaaS company going through SOC 2 for the first time
- You already use Sprinto and want an auditor who integrates with it
- You value an established firm with 53+ years of audit experience
of 5 criteria match. Get a personalized quote
Industries served
Works with these GRC platforms
Engage McKonly & Asbury
Visit McKonly & Asbury's website directly, or get an anonymous quote through us. Tell us your scope, McKonly & Asbury replies with a price, a timeline, and why they'd be a fit. Anonymous until you pick.
Industries, certifications, and platforms.
Tags below are preserved as crawlable text because they drive industry, accreditation, and GRC-platform comparisons across firm pages.
What Industries Does McKonly & Asbury Serve?
8 industries. National average: 7.
What Certifications Does McKonly & Asbury Hold?
3 certifications. National average: 2.
What Platforms Does McKonly & Asbury Integrate With?
Audit Platform
Proprietary
McKonly & Asbury SOC 2 Audit FAQ
Firm-specific answers generated from the directory record and preserved in FAQPage schema.
How much does a SOC 2 audit from McKonly & Asbury cost?
McKonly & Asbury SOC 2 Type I audits typically range from $35K to $100K. Type II audits range from $50K to $150K. This is above average for national firms — the national tier average is $39.722K–$103.472K. Final pricing depends on your organization's scope, number of trust service criteria, and system complexity.
How long does a SOC 2 audit take with McKonly & Asbury?
The 8–16 week range is McKonly & Asbury's audit execution and report-delivery window once evidence is available. It is the fieldwork-to-report window, not the full engagement. A SOC 2 Type II also requires an observation period, typically 3–12 months depending on scope, before that window begins, while a Type I is a point-in-time assessment with no observation period. Actual timelines depend on readiness, scope, and evidence availability.
What industries does McKonly & Asbury specialize in?
McKonly & Asbury has deep expertise in SaaS, Cloud Services, Data Centers, Loan Servicing, Insurance, Medical Claims Processing, Payroll Services, Healthcare. They are best suited for SaaS providers, cloud service platforms, data hosting companies, healthcare organizations, and internationally-based companies operating in the US
What accreditations does McKonly & Asbury hold?
McKonly & Asbury holds 3 accreditations: AICPA, ISACA, TCCP.
What audit platform does McKonly & Asbury use?
McKonly & Asbury uses Proprietary for their audit engagements. They integrate with Sprinto for evidence collection and compliance automation. Reports are delivered via Remote.
Is McKonly & Asbury a good SOC 2 auditor?
McKonly & Asbury is a national SOC 2 audit firm founded in 1973 with 53 years of experience. Extensive HIPAA expertise, nationwide presence with remote delivery, emphasis on client preparation and collaboration throughout audit process They are best suited for organizations that need saas, cloud services, data centers expertise.
Where is McKonly & Asbury located?
McKonly & Asbury is headquartered in Pennsylvania, USA. They serve clients across the United States and can conduct SOC 2 audits remotely.
How does McKonly & Asbury compare to other national SOC 2 auditors?
Compared to the 36 national firms in our directory, McKonly & Asbury's Type II pricing ($50K–$150K) is above average (tier average: $39.722K–$103.472K). They hold 3 certifications vs. the tier average of 2. Their minimum timeline of 8 weeks is comparable to the tier average.
Who should hire McKonly & Asbury for a SOC 2 audit?
McKonly & Asbury is best suited for SaaS providers, cloud service platforms, data hosting companies, healthcare organizations, and internationally-based companies operating in the US Their key differentiator is: Extensive HIPAA expertise, nationwide presence with remote delivery, emphasis on client preparation and collaboration throughout audit process
Questions to Ask McKonly & Asbury Before Hiring
A buyer-side checklist. Bring these to your first call — the answers separate firms that have run hundreds of SOC 2 engagements from firms that are bidding on them.
- Your team is sized at 500-2000+. How many auditors will be assigned to my engagement, and who is the engagement lead — a partner, a senior manager, or a staff auditor?
- You quote 8–16 weeks. What pushes a project to the longer end of that range, and what does "audit-ready on day one" look like to you?
- Your Type II range is $50K–$150K. What's included at each end, and what scope changes would push pricing above the top of that range?
- You integrate with Sprinto. If our team uses a different GRC tool, what's the evidence-handoff process and does it change your fee?
- Who reviews and signs the report on your side — is that a partner-level CPA, and how involved are they during fieldwork versus only at sign-off?
- How do you handle subservice carve-outs (e.g., AWS, GCP, Azure) versus inclusive subservice organizations when defining our scope?
- When you find an issue mid-audit, what's your remediation cadence — same-day flagging, weekly checkpoints, or an end-of-fieldwork rollup?
- Do you have surge windows (e.g., Q4 financial-year close) when start dates slip, and how far in advance do we need to lock the engagement to avoid them?
Get a quote from McKonly & Asbury
Tell us your scope. McKonly & Asbury replies with a price, a timeline, and why they'd be a fit. Anonymous until you pick.
Want to compare first? See 36 similar national firms or get 3 quotes.