Service Organization Control ("SOC") Audit In today's regulatory-intense marketplace, third party service organizations are noticing more user organization RFPs that require an SOC 1 or SOC 2 audit report to assert that internal controls are appropriately designed and operating effectively, with the primary goal of protecting user organization data and transactions. Those service organizations that can provide an SOC 1 or SOC 2 audit report from an independent CPA firm can differentiate themselves in the marketplace and demonstrate a strong commitment to protecting user organization assets.
Quasar Associates can assist you with your SOC audit readiness and compliance efforts. Our team of What is an SOC 1 Audit? A Service Organization Control 1 Audit (“SOC 1 Audit”) is conducted by an independent CPA audit firm under the American Institute of Certified Public Accountants (“AICPA”) Statement on Standards for Attestation Engagements (“SSAE”) number 18 (which superseded prior audit standards “SSAE 16” and "SAS 70"). A SOC 1 audit report provides an independent assessment of a service organization's internal controls and safeguards when that company hosts or processes financial transactions and data belonging to their clients, the user organizations. Widely recognized as a mark of internal control quality, an SOC 1 audit demonstrates that a service organization has conducted an in-depth audit of their control activities, including entity level, financial and information technology related internal controls. The SOC 1 audit report provides credible proof to your customers and prospects that their critical data and transactions are secure. Types of SOC 1 Audits Type I - Officially known as a "Report on Controls Placed in Operation" or an Type I SOC 1 Audit Report, this audit provides an independent verification by a licensed CPA firm as to whether control activities described by the service organization are suitably designed to meet specified control objectives and whether the controls were in place as of a specified review date. In a Type I SOC 1 audit, the audit firm is verifying that the relevant controls were placed in operation as of a specified date. However, the Type I audit does not verify the operating effectiveness of the controls by testing them over a period of time. Type II - Officially known as a "Report on Controls Place in Operation and Tests of Operating Effectiveness" or a Type II SOC 1 Audit Report, this audit provides independent third party verification by a licensed CPA firm as to whether control activities described by a service organization are suitably designed to meet specified control objectives and were in place and operating effectively over a period of time that is typically at least a six month period. Benefits of an SOC 1 Audit An SOC 1 audit offers many potential benefits to service organizations, such as the following:
.
|