By Beni Venkatesan, Senior Manager
Overview
It used to be common for firms to rely on internal / overhead support to perform all operational tasks, including payroll, Information Technology (IT), and facilities management. However, the upkeep of such operations can be costly and inefficient. As organizations began to look for efficiencies, many turned to Service Organizations to perform these duties. A Service Organization can complete the process cheaper, faster, and more efficiently than the User Entities.
However, when user entities outsource these operations, it also outsources the internal control functions that were previously in-house. So, how do User Entities gain assurance that the outsourced controls relevant to their financial reporting processes are effective? That is where a SOC 1® Report comes into the picture. The SOC 1® Report provides User Entities with assurance that the controls that Service Organizations have put in place to protect their assets are effective.
Here are some key terms included in Attestation Standard – Clarified (AT-C) 320 that are common to every SOC 1® Report:
Contents of a SOC 1® Report
After a Service Organization hires a qualified, independent Service Auditor, there are requirements for each SOC 1® Report. A brief overview of the minimum requirements to look for in every SOC 1® Report (focus on Type 2), which all contain five total sections, is shown below.
Connect with Us
This publication is for informational purposes only and does not constitute professional advice or services, or an endorsement of any kind.
Kearney is a Certified Public Accounting (CPA) firm focused on providing accounting and consulting services to the Federal Government. For more information about Kearney, please visit us at www.kearneyco.com or contact us at (703) 931-5600.