SOC 1 (SSAE16)

The SOC 1 report provides information that your management, clients, and clients’ auditors need regarding your processes and controls. For example, if you handle payroll functions for a client, then the client’s auditor needs assurance over your system’s controls before expressing an opinion on the accuracy of your clients’ financial statements. Rather than have each of your client’s auditors test your processes individually, the SOC 1 report (prepared by an independent public accountant in accordance with the attestation standard SSAE 16) provides the information that those auditors seek in an efficient and streamlined manner.

Accountants provide two types of SOC 1 reports:

  • SOC 1, Type 1 tells your clients and their accountants that you have accurately described a system, that the described controls are in place, and that the controls as described should achieve your financial control objectives.

  • SOC 1, Type 2 goes a step further to verify that the controls did indeed function as described during a specified period, describes the tests your accountant performed to make that determination, and the results of those tests.

SOC 1, Type 1: Are Your Internal Controls Suitably Designed?

When your clients or prospects request a SOC 1 report, they are really asking three questions:

  • Have you developed and maintained a system of internal controls that are suitably designed to meet your stated internal control objectives?
  • Are those controls in place?
  • Do the internal controls function as designed?

Have you recently received a request from a client or prospect for a SOC 1 report?

Contact Auditwerx to schedule a Readiness Assessment that will prepare your service organization for a SOC 1, Type 1 examination.

A SOC 1, Type 1 report strives to answer the first two questions. An unqualified opinion in this report tells your client’s auditors that—in all material respects—the system you described is suitably designed to provide reasonable assurance that your organization’s financial control objectives will be achieved if the controls operate effectively. That information gives your clients a higher level of confidence in the system on which they rely for critical services.

The third question is answered in a SOC 1, Type 2 report.

Have you recently received a request from a client or prospect for a SOC 1 report?

Contact Auditwerx to schedule a Readiness Assessment that will prepare your service organization for a SOC 1, Type 1 examination.

SOC 1, Type 2: Are Your Internal Controls Operating Effectively?

For many businesses, the SOC 1, Type 1 report is the first step on the road to assuring clients that the systems in place to manage financial transactions are suitably designed to achieve stated control objectives.

For organizations that manage large volumes of sensitive financial data and that require a higher level of assurance, a SOC 1, Type 2 report is prepared to describe how the internal controls actually functioned over a period of time.

The Type 2 report digs a little deeper than the Type 1. With SOC 1, Type 1, your organization explains and documents the system, and your accountant attests to the fairness of that description and suitability of controls. While management’s description of the system also is the foundation of the SOC 1, Type 2 report, your accountant then goes a step further to perform tests on the system of controls to determine if it actually operated as described over a period of time. This more in-depth report can result in a much higher level of confidence in your processes from the businesses that you serve.

Have you recently received a request from a client or prospect for a SOC 1 report? Contact below Auditwerx to discuss whether a SOC 1, Type 1 or SOC 1, Type 2 is the right report for you.

If you have recently received a SOC 1 report—sometimes also referred to as an SSAE 16—request for proposal (RFP) from a prospect, or if you want to provide your clients with a high level of assurance regarding your controls that may affect their financial statements, then contact us to find out how Auditwerx can help you fulfill those needs.