Compliance SOC/SSAE16/SAS70 SOC 1 Report: What is it?

SOC 1 Report: What is it?

Reports on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting: SOC 1 engagements are performed under SSAE 16, Reporting on Controls at a Service Organization. SOC 1 reports are examination engagements undertaken by a service auditor to report on controls at an organization that provides services to user entities when those controls are likely to be relevant to user entities' internal control over financial reporting.

There are two types of SOC 1 reports:

Type 1 – A report on management's description of the service organization's system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Type 2 – A report on management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

Example: How SOC 1 Reports are utilized

A user organization engages a service provider to provide certain services that may impact the user organizations financial statements. When the user organization's financial statements are audited, their auditor needs information about internal control over financial reporting, including controls at the service provider that affect the user organization's financial statements.

To obtain that information the service provider engages a CPA (service auditor) to perform an examination of controls at the service provider, resulting in a report with detailed information about those controls. The service auditor's report includes opinions on whether the description of the service provider's system is fairly presented and whether controls at the service provider that may affect user entities' financial reporting are suitably designed. A Type 2 report also includes the service auditor's opinion on whether the controls were operating effectively and describes tests of the controls performed by the service auditor to form that opinion and the results of those tests. The auditor of the user organization's financial statements uses the service provider's service auditor report to obtain information needed to audit the user organization's financial statements.

  • 2.jpg
  • 20.jpg
  • middle kingdom.png
  • 1.jpg
  • 26.jpg
  • 22.jpg
  • tengasco.png
  • 23.jpg
  • 32.jpg
  • 19.jpg