The goal of a SOC 1 report is to provide an independent third-party opinion of the internal controls that may affect a user entity’s financial reporting. The report is designed to provide comfort to the organization’s users and the users’ auditors regarding the controls in place at the organization.

 You need a SOC 1 report when:

 -     Clients want information about your controls over processes that affect their financial statements.

 -     Clients will provide your report to their financial auditors.

 -     Clients request details about tests performed on transactions and accounts applicable to their financial reporting, including:

 -  Payables and receivables

-  Payroll and benefits

-  Third-party administration

            -  Loan and payment processing

Auditors provide two types of SOC 1 reports:

  • SOC 1, Type 1 tells your clients and their accountants that you have accurately described a system, that the described controls are in place, and that the controls as described should achieve your financial control objectives.

  • SOC 1, Type 2 goes a step further to verify that the controls did indeed function as described during a specified period, describes the tests your accountant performed to make that determination, and the results of those tests.

The SOC 1 (SSAE 18) report, which provides assurance to auditing personnel about the integrity of your system’s controls, replaced the SSAE 16 standard in 2017. Learn more here