The American Institute of Certified Public Accountants has issued a new set of standards of auditing service organization called Service Organization Control (SOC) reports. These standards replace what was previously known as a SAS 70 audit.
Many service organizations depend upon the integrity of their information technology environment in order to serve and protect their customers and their business. Many organizations find that having a SOC report may result in benefits including:
- Increased client and customer confidence
- Enhanced risk management
- Improved competitive advantage
- Streamlined business processes and controls
What are the SOC reports?
- SOC 1: Reports on Controls at a Service Organization Relevant to User Entites' Internal Control Over Financial Reporting
- Type 1 - A report on management's description of the service organization's system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
- Type 2 - A report on management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
- SOC 2: Reports on Controls at a Service Organization Relevant to Security Availability, Processing, Integrity, Confidentiality, and Privacy.
- SOC 3: Trust Services Report for Service Organization.
For more information on obtaining a Service Audit please contact us.