The SOC 1 report provides information that your management, clients, and clients’ auditors need regarding your processes and controls. For example, if you handle payroll functions for a client, then the client’s auditor needs assurance over your system’s controls before expressing an opinion on the accuracy of your clients’ financial statements. Rather than have each of your client’s auditors test your processes individually, the SOC 1 report (prepared by an independent public accountant in accordance with the attestation SSAE 18 standards) provides the information that those auditors seek in an efficient and streamlined manner.
Auditors provide two types of SOC 1 reports:
SOC 1, Type 1 tells your clients and their accountants that you have accurately described a system, that the described controls are in place, and that the controls as described should achieve your financial control objectives.
SOC 1, Type 2 goes a step further to verify that the controls did indeed function as described during a specified period, describes the tests your accountant performed to make that determination, and the results of those tests.
The SOC 1 (SSAE 18) report, which provides assurance to auditing personnel about the integrity of your system’s controls, replaced the SSAE 16 standard in 2017. Learn more here.