What is a SOC 1 report?
Created by the American Institute of CPAs (AICPA,) a SOC 1 (System and Organization Controls) report is designed to provide insightful information relevant to the User Entities’ Internal Control over Financial Reporting (ICFR).
Financial information is one of the most sensitive areas of an organization and the controls around those finances are crucial. The SOC 1 procedure looks into an organization’s security and business processes to see if there are any risks to users’ financial information.
How It Works
Let’s dive into the type of SOC 1 reports. It is vital for your organization to understand what type of reporting your business needs and/or what your customers expect to see.
Should the report be a point in time? Should the report cover a period of time? Or are you at a place where your organization just needs to get started?
Either way, our trained professionals at Insight Assurance are here to assist. Below is a high-level overview of the type of SOC 1 engagements available:
SOC 1 Readiness Assessment
Aims to support organizations looking to attain SOC 1 compliance. The Insight Assurance SOC 1 readiness process assesses the control environment against the AICPA’s SOC 1 requirements in order to identify GAPs in policies or procedures and provide you with a roadmap to an effective SOC 1 Type 1 examination.
SOC 1 Type 1 report
Focuses on the effectiveness and design of procedures and internal controls which may affect financial reporting put in place by an organization at a certain point in time.
SOC 1 Type 2 report
Focuses on the effectiveness and design of procedures and internal controls which may affect financial reporting put in place by an organization throughout a certain time period. An examination period is typically anywhere between 3-12 months. It is recommended that organizations complete a type 1 assessment prior to beginning their type 2 report.