SOC 1 report
A SOC 1 / SSAE 18 Report (System and Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SSAE 18 audit standard superseded the SSAE 16 report, effective May 1, 2017. A Soc 1 report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.
There are two types of reports for these engagements:
Type 2 - report on the fairness of the presentation of management’s
description of the service organization’s system and the suitability of the
design and operating effectiveness of the controls to achieve the related
control objectives included in the description throughout a specified
period.
Type 1 – report on the fairness of the presentation of management’s
description of the service organization’s system and the suitability of the
design of the controls to achieve the related control objectives included in
the description as of a specified date.
What is the Reason Behind SOC 1 Reports?
It is common today for many businesses to outsource tasks or
functions to service organizations, some that are even core to the organization’s operations. The Sarbanes-Oxley Act and other accounting standards in the U.S. and globally require service organization’s to demonstrate that they have adequate regulatory and risk standards in place over their clients’ financial controls.
Who Uses a SOC 1 Report?
A SOC 1 Report is used by organizations that outsource a specific service that can impact their internal controls over financial report. Today this can be just about any industry but typically requestors are publicly traded or organizations, financial services, healthcare, government and highly regulated industries.
Why is a SOC 1 Report Needed?
The big increase in demand for SOC 1 audit reports started after the Public Company Accounting Oversight Board (PCAOB) indicated that public corporations’ auditors could rely on a SOC 1 Type II audit during the annual assessment of management internal controls. Since that time, SOC 1 has become an internationally recognized standard and customers use a SOC 1 audit report as a method of establishing that they are a credible organization.
Yucca IT Consulting can help you
We can assist you throughout your preparation process for the SOC 1 compliance program. From the gap analysis to a final, personalized and, ready-to-audit SOC 1 report. With the help of your in-house pilot, a realistic timetable will be documented and accepted by your management.