SOC 1 Reports

SOC 1 assessments provide assurance on a service organizations internal controls over financial reporting.  SOC 1 user entities are organizations that outsource certain business functions to a service provider.  The functions that are outsourced typically involve financial data that may impact the user entities internal controls for financial reporting.  Therefore, the organization may require that the service provider be assessed for a SOC 1 report.  

​

In most cases, the service providers that undergo SOC 1 assessments have customers that are publicly traded and undergo financial audits annually.  As part of the user entity's (customer of the service provider) financial audit, the auditor will assess the risk of outsource services that may impact the financial information presented on the Financial Statements.  These auditors (user auditors) are the primary report users for SOC 1 Reports. 

​

The SOC 1 Report will provide the user auditor information on controls of the service provider to give assurance on the accuracy and reliability of the financial data processed and/or reported by the service provider.

​

There are 2 types of SOC 1 reports that may be performed (type 1 or type 2).  A type 1 reports on the "Suitability of the Design of Controls".  A type 2 reports on the "Suitability of the design and operating effectiveness of controls".  See report types for more info.