For many businesses, the SOC 1, Type 1 report is the first step on the road to assuring clients that the systems in place to manage financial transactions are suitably designed to achieve stated control objectives. SOC reporting can also be used to improve your business.
For organizations that manage large volumes of sensitive financial data and that require a higher level of assurance, a SOC 1, Type 2 report is prepared to describe how the internal controls actually functioned over a period of time.
The Type 2 report digs a little deeper than the Type 1. With SOC 1, Type 1, your organization explains and documents the system, and your accountant attests to the fairness of that description and suitability of controls. While management’s description of the system also is the foundation of the SOC 1, Type 2 report, your accountant then goes a step further to perform tests on the system of controls to determine if it actually operated as described over a period of time. This more in-depth report can result in a much higher level of confidence in your processes from the businesses that you serve.
Have you recently received a request from a client or prospect for a SOC 1 report? Contact Auditwerx to discuss whether a SOC 1, Type 1 or SOC 1, Type 2 is the right report for you.
If you have recently received a SOC 1 report—sometimes also referred to as an SSAE 16—request for proposal (RFP) from a prospect, or if you want to provide your clients with a high level of assurance regarding your controls that may affect their financial statements, then contact us to find out how Auditwerx can help you fulfill those needs.