A SOC 1 report results from an engagement under a Statement on Standards for Attestation Engagements, SSAE 16 – Reporting on Controls at a Service Organization. SSAE 16 examines internal controls at a service organization that impact a user entity’s internal control over financial reporting. This report is to be used only by auditors of user organizations and the management of user entities. SSAE 16 requires the same level of evidence and assurance expected under the former SAS 70 service auditor engagement. It essentially fills the role of a SAS 70 report as it was originally intended.
When your company obtains a SOC 1 report, it receives a document that differentiates the organization from its peers by showcasing its effectively designed control objectives and control activities. This report also ensures that all user organizations and their auditors have access to the same, consistent information. In many cases, the document will satisfy the user auditor’s requirements. The absence of a current report means that an organization may have to complete multiple audit requests from entities and their respective auditors. Visits from multiple user auditors can place an immense strain on your resources and staff.
The auditors of the service organization’s customers can use the SOC 1 report to gain an understanding of the internal controls of the organization. This allows for analysis and assessment of internal control risk for the purposes of planning and executing a comprehensive financial audit.
For more information regarding our SOC 1 reports and services, contact Holbrook & Manter today.