SOC 1 Examination
A SOC 1 is an examination of the services performed by a service organization and the controls related to those services that may affect a user entity’s internal control over financial reporting.
Audit Peak’s SOC 1 services help service organizations to provide third-party assurance and comfort to their clients (user entities) and their client’s auditors (user auditors).
Increase Transparency With Internal & External Stakeholders
SOC 1 Readiness Assessment
Pursuing a SOC 1 for the first time and need to determine your preparedness?
Audit Peak will prepare you for a successful SOC 1 engagement. Audit Peak will perform a thorough review of your organization and the existing control environment including the policies, procedures, IT general controls and business processes supporting the service. We will provide you with a detailed gap assessment outlining the current controls in place that would satisfy the SOC 1 standards. The deliverable will also include the control deficiencies/gaps along with best practices for remediating the deficiencies/gaps identified, and any key controls that must be remediated prior to pursuing a Type 1 or Type 2 report.
Build Trust And Bolster Your Reputation
SOC 1 Type 1 Report
Report as of a point in time
A service organization can pursue a Type 1 report with or without an initial Readiness(Gap) Assessment, however there are important considerations for success. The Type 1 report is performed as of a specific date meaning that the system and controls must be designed and implemented as of that specified date. Accordingly, the SOC 1 Type 1 focuses on:
- The fairness of management’s description of the service organization’s system.
- The suitability of the design of the service organization’s controls relevant to user entities’ internal control over financial reporting.
Gain Competitive Advantage And Meet Commitments
SOC 1 Type 2 Report
Report covering a period of time
A SOC 1 Type 1 report does not provide the service organization’s management, existing customers or the service auditor with any assurance that the control objectives stated in management’s description of the service organization’s system were achieved. Assurance is obtained through the performance of a SOC 1 Type 2 engagement, which covers a period of time (typically between 3 and 12 months). In addition to reviewing the suitability of the design of the service organization’s controls relevant to user entities’ internal control over financial reporting, a SOC 1 Type 2 engagement also assesses the operating effectiveness of those controls over the review period.