SOC 1

SOC 1 Report: What is it?

Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting: SOC 1 engagements are performed under SSAE 16 or ISAE 3402 (International Standard) for Reporting on Controls at a Service Organization. SOC 1 reports are examination engagements undertaken by a service auditor to report on controls at an organization that provides services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting.

There are two types of SOC 1 reports:

Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.


Leave a Reply