SOC 1 Audit

Service Organization Control ("SOC") Audit

In today's regulatory-intense marketplace, third party service organizations are noticing more user organization RFPs that require an SOC 1 or SOC 2 audit report to assert that internal controls are appropriately designed and operating effectively, with the primary goal of protecting user organization data and transactions.  Those service organizations that can provide an SOC 1 or SOC 2 audit report from an independent CPA firm can differentiate themselves in the marketplace and demonstrate a strong commitment to protecting user organization assets. 

Quasar Associates can assist you with your SOC audit readiness and compliance efforts.  Our team of experienced associates will provide education regarding SOC audit requirements, assist with readiness assessment, conduct the actual SOC audit, and deliver a corresponding SOC audit report.  Our goal is to help you execute your SOC audit in an efficient, affordable manner that will not disrupt your business.

What is an SOC 1 Audit?

A Service Organization Control 1 Audit (“SOC 1 Audit”) is conducted by an independent CPA audit firm under the American Institute of Certified Public Accountants (“AICPA”) Statement on Standards for Attestation Engagements (“SSAE”) number 18 (which superseded prior audit standards “SSAE 16” and "SAS 70").  A SOC 1 audit report provides an independent assessment of a service organization's internal controls and safeguards when that company hosts or processes financial transactions and data belonging to their clients, the user organizations.

Widely recognized as a mark of internal control quality, an SOC 1 audit demonstrates that a service organization has conducted an in-depth audit of their control activities, including entity level, financial and information technology related internal controls.  The SOC 1 audit report provides credible proof to your customers and prospects that their critical data and transactions are secure.

Types of SOC 1 Audits

Type I - Officially known as a "Report on Controls Placed in Operation" or an Type I SOC 1 Audit Report, this audit provides an independent verification by a licensed CPA firm as to whether control activities described by the service organization are suitably designed to meet specified control objectives and whether the controls were in place as of a specified review date.

In a Type I SOC 1 audit, the audit firm is verifying that the relevant controls were placed in operation as of a specified date.  However, the Type I audit does not verify the operating effectiveness of the controls by testing them over a period of time.

Type II - Officially known as a "Report on Controls Place in Operation and Tests of Operating Effectiveness" or a Type II SOC 1 Audit Report, this audit provides independent third party verification by a licensed CPA firm as to whether control activities described by a service organization are suitably designed to meet specified control objectives and were in place and operating effectively over a period of time that is typically at least a six month period.

Benefits of an SOC 1 Audit

An SOC 1 audit offers many potential benefits to service organizations, such as the following:

  • Provides customers (user organizations) with independent third party verification regarding the state of internal controls that govern their outsourced transactions and data.
  • Can be accepted by a user organization's financial statement auditors as a substitute for those parties performing their own first-hand audit procedures (which would normally be performed on-site at the service organization). 
  • Sarbanes-Oxley auditing regulations identify the Type II SOC 1 audit report as the only acceptable substitute for an auditor performing their own first-hand testing of a service organization's controls.
  • Distinguishes the service organization from its competitors.  Normally, service organizations highlight the successful completion of an SOC audit in marketing materials because of the high value placed on the audit by the business community.
  • Presents an opportunity to gain a competitive advantage over rival companies that have not yet developed a comprehensive internal control assurance process. 
  • Helps a service organization build trust with its customers by providing independent verification that proper controls are in place.
  • If properly designed, can provide benefits similar to an internal audit function for service organizations that do not currently have an internal audit department.  This often leads to identification of improvement opportunities in related operational areas.

.

For a Free Consultation regarding your company's SOC 1 or SOC 2 audit, please fill out the form below or contact us directly.

Name
Phone
Email
Best Time To Call
Comments