A question that often comes up from service organizations and service auditors is this “Who can management distribute the report too?” The answer lies buried in the AICPA’s audit guides and is different depending on the type of service organization control (SOC) audit report.
Our firm has spent a fair amount of time discussing the differences between SSAE 16 (SOC 1, formerly SAS 70) and AT 101 (SOC 2) audit reports with many individuals from a significant number of companies in a variety of industries. So what are the differences? In short, the structure and the content of the […]
Recently, the AICPA has started referring to SSAE 16 reports as SOC 1 reports. SOC stands for service organization control reports. Not to be confused with SOX, which most know is an acronym for the Sarbanes-Oxley Act of 2002. In any case, the AICPA is trying to simplify the many different types of reports service […]