A SOC 1® examination, also known as a SOC 1 audit, reports on the controls of a service organization relevant to its financial reporting.

The SOC process takes time and resources. Less operationally mature organizations commonly struggle with up-front issues such as failing to properly prepare and underestimating the formality needed to generate consistent audit evidence.

Larger organizations are also susceptible to risks, such as under-engineering controls to avoid dealing with complex networks of internal stakeholders—or highly distributed operations can make it difficult to implement and enforce standardized controls practices.

Seamlessly navigate the reporting process with a SOC 1 audit from our professionals.

Do You Need a SOC 1 Report?

Service organizations generally need a SOC 1 report when entities that use their services rely on the controls at the service organization to assess the effectiveness of controls over financial reporting processes.

For example, when using a payroll provider, controls related to processing payroll are performed by the payroll provider. Access to the provider’s SOC 1 reports would provide evidence of those controls’ operating effectiveness.

SOC 1 reports can be useful for third-party administrators, loan servicers, claims processers, payroll, and financial-related software-as-a-service (SaaS) providers to provide to their customers.

Types of SOC 1 Reports

There are two types of SOC 1 reports:

• Type 1. Evaluates the design and implementation of internal controls at a certain point in time, or a so-called as-of date.
• Type 2. Evaluates the design and operating effectiveness of internal controls over a period—usually 12 months—and is often the more desirable option as the test of operating effectiveness of controls can provide more meaningful perspective.

How the SOC Process Works

Once a preliminary readiness assessment is complete, a timeline can be developed for the engagement based on the assessment results.

Expansive SOC Experience

Our professionals provide SOC audits for a range of client types including SaaS, infrastructure-as-a-service (Iaas), and platform-as-a-service (PaaS) companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.

Though distribution of the SOC 1 examination report is restricted to management, customers, and their financial statement auditors to keep sensitive information confidential, companies can register for an American Institute of Certified Public Accountant (AICPA) SOC seal for public distribution.