Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting

SOC 1 imageOur dedicated team delivers Type I and Type II SOC 1 (previously known as SAS 70 and/or SSAE 16) audits that meet the highest levels of user scrutiny and satisfy all service organization, user organization, and user auditor requirements.

This report meets the needs of user entities’ management and auditors as they evaluate the effect of a service organization’s controls on a user entity’s financial statement assertions. These reports are important components of user entities’ evaluation of their internal controls over financial reporting for purposes of compliance with laws and regulations and for when user entity auditors plan and perform financial statement audits.

SOC 1 engagements are performed under Statement on Standards for Attestation Engagements (SSAE) No. 18, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting (AICPA, Attestation Standards, AT-C sec. 320), and the AICPA guide, Service Organizations Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting.

Schedule a Consultation

Our team is well versed in all things SOC 1 and SOC 2, so we know the various types of audits can be confusing. We assist our clients in determining the correct type of audit needed. The two types of SOC 1 audits are detailed in the following table: 

SOC 1

An independent report on the design of the controls at a service organization (i.e., does it describe what actually exists). An independent report on the design and operating effectiveness of key controls at a service organization (i.e., does it describe what actually exists, and do they achieve what they were intended to achieve).
Represents a service organization’s description of controls at a specific point in time. Represents a service organization’s description of controls throughout a specified period.
Usually can be completed quickly, giving the service organization a report they can provide to their clients within as little as a few weeks. There must be at least six months of auditable activity available as well as additional time in the audit procedures to complete testing of those control activities. Once the testing has been completed, the final report is issued to the service organization within a couple of weeks.
To ensure consistency in service and delivery, our audit team uses a proven approach in all of our engagements. Please see Our Process for further information.

At Linford & Company, we make it our priority to ensure our clients receive the most accurate and effective SOC 1 audit reports at reasonable cost and disruption. For further details or to engage our services, please contact us.