Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting
Our dedicated team delivers Type I and Type II SOC 1 audits (previously known as SAS 70 and/or SSAE 16) that meet the highest levels of user scrutiny and satisfy all service organization, user organization, and user auditor requirements.
This report meets the needs of user entities’ management and auditors as they evaluate the effect of a service organization’s controls on a user entity’s financial statement assertions. These reports are important components of user entities’ evaluation of their internal controls over financial reporting for purposes of compliance with laws and regulations and for when user entity auditors plan and perform financial statement audits.
SOC 1 audit engagements are performed under Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting (AICPA, Attestation Standards, AT-C sec. 320), and the AICPA guide, Service Organizations Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting.
Our team is well versed in all things related to SOC 1 audits (and SOC 2 audits), so we know the various types of audits can be confusing. We assist our clients in determining the correct type of audit needed. The two types of SOC 1 audits are detailed in the following table:
|TYPE I||TYPE II|
|An independent report on the design of the controls at a service organization (i.e., does it describe what actually exists).||An independent report on the design and operating effectiveness of key controls at a service organization (i.e., does it describe what actually exists, and do they achieve what they were intended to achieve).|
|Represents a service organization’s description of controls at a specific point in time.||Represents a service organization’s description of controls throughout a specified period.|
|Usually can be completed quickly, giving the service organization a report they can provide to their clients within as little as a few weeks.||There must be at least six months of auditable activity available as well as additional time in the audit procedures to complete testing of those control activities. Once the testing has been completed, the final report is issued to the service organization within a couple of weeks.|
At Linford & Company, we make it our priority to ensure our clients receive the most accurate and effective SOC 1 audit reports at reasonable cost and disruption. For further details or to engage our services, please contact us.