Understanding Your SOC 1 Report: What is a SOC 1 Report?

February 6, 2018
Learn more at https://kirkpatrickprice.com/video/understanding-your-soc-1-report-what-is-a-soc-1-report/

Does your service organization affect a user organization’s financial reporting? A SOC 1 would apply to you. SOC 1 engagements are based on the SSAE 18 standard developed by the AICPA and report on the effectiveness of internal controls at a service organization that may be relevant to their client’s internal control over financial reporting (ICFR). A SOC 1 report is the only type of SOC report that evaluates and tests financial reporting. In a SOC 1 report, an independent auditor attests that management’s description of a service or system is suitably designed and that the controls are suitably designed in the attainment of the control objectives.

SOC 1 reports issued by KirkpatrickPrice will contain a fair presentation and description of the internal controls within the scope of the audit. The controls described will be only those that may be related to a user organization’s ICFR, and to the services that the service organization provides to them. The report will also describe the objectives of each control, whether the controls were suitably designed to achieve their objectives, and, for Type II audit engagements, whether the controls were operating effectively throughout the review period.

A SOC 1 report also includes five major sections, which map to the five Committee of Sponsoring Organizations (COSO) components: control environment, risk assessment, control activities, information and communication, and monitoring.

The control environment is the foundation for all other components of internal control. It sets the tone of an organization that influences the control consciousness of its people. In other words, it establishes the overall attitude, awareness, and actions of the board of directors, management, and employees concerning the importance and emphasis of internal control in the entity.

Risk assessment is not just the identification and evaluation of the significance of risk, but also involves how those risks are to be managed. COSO states that risks relevant to financial reporting include external and internal events that may occur and adversely affect the achievement of financial reporting objectives.

Control activities may be preventative or detective, and include the traditional internal controls, such as processing, recording, approving, and reconciling transactions. They occur on a day-to-day routine basis throughout the organization and at all levels to record the transactions and events that create the financial statements. Controls fall into three categories: general controls, application controls, and physical controls.

Information and communication refers to the identification, retention, and transfer of information in a timely manner, enabling personnel to execute their responsibilities. The quality of information impacts management's capacity to make decisions to direct the entity's activities and prepare financial statements. Communication includes obtaining, providing, and sharing information, both internally and externally.

Monitoring is a process that evaluates whether each of the five internal control components, and the principles within each component, are present and functioning. The process may be achieved through separate evaluations or ongoing activities. Monitoring also includes initiating appropriate corrective actions.

A SOC 1 report provides an independent opinion on the establishment of effectively designed control objectives and control activities. A SOC 1 report is issued by a qualified, independent, certified public accounting firm. If you want to learn more about what it takes to complete a SOC 1 audit, contact us today.

About Us

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice: https://kirkpatrickprice.com/

Contact us today: 800-770-2701 https://kirkpatrickprice.com/contact/