March 25, 2016

What is a SOC 1 Report?

By Ben Osbrach, National Risk Advisory Leader

What is a SOC 1 Report?

A SOC 1 Report (Service Organization Control Report) is a written documentation of the internal controls at a service organization as they pertain to the user entities’ controls over financial reporting. SOC 1 reports were implemented by the American Institute of CPAs to improve the regulatory and risk standards and safeguards for outsourced services.

What is the Reason Behind SOC 1 Reports?

It is common today for many businesses to outsource tasks or functions to service organizations, some that are even core to the organization’s operations. The Sarbanes-Oxley Act and other accounting standards in the U.S. and globally require service organization’s to demonstrate that they have adequate regulatory and risk standards in place over their clients’ financial controls.

Who Uses a SOC 1 Report?

A SOC 1 Report is used by organizations that outsource a specific service that can impact their internal controls over financial report. Today this can be just about any industry but typically requestors are publicly traded or organizations, financial services, healthcare, government and highly regulated industries.

Why is a SOC 1 Report Needed?

The big increase in demand for SOC 1 audit reports started after the Public Company Accounting Oversight Board (PCAOB) indicated that public corporations auditors could rely on a SOC 1 Type II audit during the annual assessment of management internal controls. Since that time, SOC 1 has become an internationally recognized standard and customers use a SOC 1 audit report as a method of establishing that they are a credible organization.

How is a SOC 1 Report Implemented?

Most reports begin with a risk assessment that identifies an entity’s strengths and weaknesses. Detailed assessment reports and action plans establish a framework from which an organization can implement short- and long-term strategies to improve their internal controls. The report helps an organization prioritize risks to reduce threats and vulnerabilities to a business’ reputation.

What are the Chief Benefits of SOC 1 Reports?

  • Compliance with regulatory requirements
  • Less need for frequent audits
  • Improved risk management
  • Increased customer trust
  • Satisfaction of external audit requirements

For more information about SOC 1 reports or to learn more about the Marcum LLP Risk Advisory Services Group, email Ben Osbrach.