SOC 1 Reports

SOC 1/SSAE 18 Report – SOC for Service Organizations: ICFR

The AICPA’s SOC 1 report is the brand name for reports prepared in accordance with ATC-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. 

Purpose and Intended Audience

SOC 1 reports are a “restricted use report” as they are intended solely for use by entities that use service organizations (“user entities”) and their auditors to plan and perform an audit or integrated audit of the user entities' financial statements. Use of these reports is restricted to (1) management of the user entity; (2) auditors of the user entity’s financial statement; and (3) management of the service organization. 

Types of SOC 1 Reports

There are two types of SOC 1 reports. 

REPORT TYPE

REPORT COMPONENTS

Type 1 Report

  1. Opinion on whether management’s description of the service organization’s systems is fairly presented
  2. Opinion on the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date

Type 2 Report

  1. Opinion on whether management’s description of the service organization’s systems is fairly presented
  2. Opinion on the suitability of the design of the controls to achieve the related control objectives included in the description throughout a specified period
  3. Opinion on the operating effectiveness of the controls along with a detailed description and the results of the tests performed in order to form that opinion

 

MORE INFORMATION

The practitioners at MFA are well-versed in assessing a firm’s internal controls and providing proactive guidance in this area. To learn more about our SOC 1 examinations, please contact the MFA team today.

AICPA SOC Report

 

 

RELATED TEAM MEMBERS

Michelle Kupka Audit Partner (978) 557-5342
Michelle Mackey Partner – Performance & Controls Practice (978) 569-2909

DOWNLOAD BROCHURE

Contact Us
Message
Back