A SOC 1 examination is a highly specialized engagement that requires a unique understanding of third-party internal controls, specialized audit skillsets, and extensive experience with many unique service providers and user entities with varying interests and expectations. A SOC 1 report, as defined by the American Institute of Certified Public Accountants (AICPA), is a "Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting: SOC 1 engagements are performed, Reporting on Controls at a Service Organization."
360 Advanced is a PCAOB registered CPA firm. You can count on our team of experts to design a compliance program customized to your specific needs.
The Advanced team provides three main types of SOC 1 Services – SOC 1 Readiness Assessment, Type 1 Report, and Type 2 Report. These services are described as follows:
- SOC 1 READINESS ASSESSMENT: The objective of a SOC 1 Readiness engagement is to conduct a preliminary assessment and provide guidance that will empower the service organization to successfully prepare for, and achieve, an unqualified opinion on a SOC 1 Type 1 or Type 2 examination (see below). This is accomplished by identifying specific controls and control gaps related to the achievement of control objectives for the services being audited, then by providing specific, actionable guidance for improving and maintaining the system of controls.
- SOC 1 TYPE 1 EXAMINATION SERVICES: The objective of a SOC 1 Type 1 examination conducted by Advanced is the expression of an opinion about whether internal controls have been effectively designed to meet certain control objectives related to the services provided by a service organization to its clients. The engagement is conducted in a manner that establishes the design of the system of controls as of a point in time, and to assist the service organization in improving the capability maturity of its core processes (and ultimately to be prepared to receive an unqualified opinion a SOC 1 Type 2 examination).
- SOC 1 TYPE 2 EXAMINATION SERVICES: The objective of a SOC 1 Type 2 examination conducted by Advanced encompasses the objectives of a SOC 1 Type 1 examination, and additionally includes an expression of an opinion about whether controls were operating effectively to meet the specified control objectives during a specific period of time. The engagement is conducted in a manner that promotes continuous process improvement, and adaptation to changing circumstances in regards to the industry and user organization expectations.
The product of the audit is presented by the auditor to the service organization in the form of a Service Auditor's Report. The report can be either a Type 1 or Type 2.