The SOC 1 report provides information that your management, clients, and clients’ auditors need regarding your processes and controls. For example, if you handle payroll functions for a client, then the client’s auditor needs assurance over your system’s controls before expressing an opinion on the accuracy of your clients’ financial statements. Rather than have each of your client’s auditors test your processes individually, the SOC 1 report (prepared by an independent public accountant in accordance with the attestation SSAE 16 standards) provides the information that those auditors seek in an efficient and streamlined manner.
Auditors provide two types of SOC 1 reports:
SOC 1, Type 1 tells your clients and their accountants that you have accurately described a system, that the described controls are in place, and that the controls as described should achieve your financial control objectives.
SOC 1, Type 2 goes a step further to verify that the controls did indeed function as described during a specified period, describes the tests your accountant performed to make that determination, and the results of those tests.
The SOC 1 (SSAE 16) report, which provides assurance to auditing personnel about the integrity of your system’s controls, is being replaced by SSAE 18. It will universally be referred to as a “SOC Report” and is effective for reports dated on or after May 1st of 2017. Learn more here.