SOC 1 vs SOC 2 Audit Reports

Our firm has spent a fair amount of time discussing the differences between SSAE 16 (SOC 1, formerly SAS 70) and AT 101 (SOC 2) audit reports with many individuals from a significant number of companies in a variety of industries.  So what are the differences?  In short, the structure and the content of the reports are not significantly different; it is the recipients of the reports that are...

Cloud Migration Considerations

It seems like almost everyone is talking about cloud computing these days.  However, these discussions often omit the factors that user organizations should carefully consider when contemplating moving to a cloud provider to host business critical applications.  The following are six important factors for a user organization to consider: Am I using a trusted service organization?  Ask whether...

Deconstructing an SSAE 16/SOC 1 (formerly known as SAS 70) Audit Report

Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors.  These reports come out once a year, typically in the late Fall.  While most organizations do a good job of recognizing the need to request these reports, often they are not properly reviewed and evaluated when received. So, what do you do with the report once it has been received...

AICPA Surrenders to the CICA

The American Institute of Certified Public Accountants (AICPA) has officially surrendered to the Canadian Institute of Chartered Accountants (CICA).  That’s right, surrendered.  Did you know that if you want a SOC 3 audit report, prepared using the guidance issued from the AICPA, you have to be licensed by the CICA?  Sound crazy?  It is… Did you also know that almost no one at...

SAS 70, SSAE 16, AT 101, SOC 1, 2, 3, SysTrust and WebTrust. Good Luck.

Recently, the AICPA has started referring to SSAE 16 reports as SOC 1 reports.  SOC stands for service organization control reports, not to be confused with SOX, which most know is an acronym for the Sarbanes-Oxley Act of 2002.  In any case, the AICPA is trying to simplify the many different types of reports service organizations can receive by using the terms SOC 1, 2, and 3 in addition to...

SAS 70 / SSAE 16 User Control Considerations

What are user (also known as client or customer) control considerations, and why are they in most SAS 70 / SSAE 16 audit reports? User control considerations, or UCCs in the audit jargon, are simply controls that reside at the service organization. These controls are usually delineated in the SAS 70 / SSAE 16 reports within their own report sub-section and/or next to the control objectives they...
