Services > Consulting > Risk & IT Compliance > SOC Examinations > SOC 1

SOC 1

A SOC 1® examination, also known as a SOC 1 audit, reports on the controls of a service organization relevant to its financial reporting.

The SOC process takes time and resources. Less operationally mature organizations commonly struggle with up-front issues such as failing to properly prepare and underestimating the formality needed to generate consistent audit evidence.

Larger organizations are also susceptible to risks, such as under-engineering controls to avoid dealing with complex networks of internal stakeholders—or highly distributed operations can make it difficult to implement and enforce standardized controls practices.

Seamlessly navigate the reporting process with a SOC 1 audit from our professionals.

Do You Need a SOC 1 Report?

Service organizations generally need a SOC 1 report when entities that use their services rely on the controls at the service organization to assess the effectiveness of controls over financial reporting processes.

For example, when using a payroll provider, controls related to processing payroll are performed by the payroll provider. Access to the provider’s SOC 1 reports would provide evidence of those controls’ operating effectiveness.

SOC 1 reports can be useful for third-party administrators, loan servicers, claims processers, payroll, and financial-related software-as-a-service (SaaS) providers to provide to their customers.

SOC Purpose
Click here to download the SOC Audit Guide

Types of SOC 1 Reports

There are two types of SOC 1 reports:

  • Type 1. Evaluates the design and implementation of internal controls at a certain point in time, or a so-called as-of date.
  • Type 2. Evaluates the design and operating effectiveness of internal controls over a period—usually 12 months—and is often the more desirable option as the test of operating effectiveness of controls can provide more meaningful perspective.

How the SOC Process Works

Once a preliminary readiness assessment is complete, a timeline can be developed for the engagement based on the assessment results.

How the SOC Process Works

Expansive SOC Experience

Our professionals provide SOC audits for a range of client types including SaaS, infrastructure-as-a-service (Iaas), and platform-as-a-service (PaaS) companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.

Though distribution of the SOC 1 examination report is restricted to management, customers, and their financial statement auditors to keep sensitive information confidential, companies can register for an American Institute of Certified Public Accountant (AICPA) SOC seal for public distribution.

More than 450 SOC clients
More than 450 SOC clients
More than 20 types of SOC clients
More than 20 types of SOC clients
More than 90 professionals specializing in SOC
More than 90 professionals specializing in SOC

Insights

Article
Review Vendor SOC Reports
Obtain a new vendor’s SOC reports, so you can address the risks related to outside service providers.
Article
Article
What Is a SOC Report?
Learn all the different types of SOC reports, why they’re important, and what information they provide.
Article
Article
How Technology Companies Can Built Trust
Instill confidence that your internal controls are sound is with a system and organization control (SOC) examination.
Article
WebPage
Webcast Series: System and Organization Controls
Learn the benefits of SOC reports, how to mitigate risks, and more in this webcast series.
WebPage

Primary Contact

Photo of Kimberly A. Koch
Kimberly A. Koch
Partner
(509) 777-0107