Thursday, May 17, 2012

Service Organization Controls Report Overview

 

As stated in the chart above, SOC 1 engagements are now performed in accordance with SSAE 16, Reporting on Controls at a Service Organization. SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements.

SOC 2 and SOC 3 engagements address controls at the service organization that relate to operations and compliance. Specifically, these engagements focus on a service organization’s security, availability, processing integrity, confidentiality or privacy (or the Trust Services Principles & Criteria). These engagements are performed in accordance with AT101 guidance.

For users of data center hosting or cloud computing (as examples), the AICPA SOC 1 report, which focuses on testing internal control over financial reporting, may not provide the additional assurance regarding operational and/or broader controls relevant to security, availability, processing integrity, confidentiality and/or privacy, which are covered in a SOC 2 or SOC 3 report.

For current information on the SOC reports and guidance, please also visit the Service Organization Control (SOC) Reporting website at www.aicpa.org/SOC


What Can RubinBrown Do For You?

As a PCAOB registered accounting firm, we have an experienced team who have led and performed numerous service organization control report examinations. This team is led by a partner on the AICPA Information Technology Executive Committee and the AICPA Data Integrity Committee.


Helpful Resources



Click here or the screen capture above to view RubinBrown's Audrey Katcher speak about managing controls and risk in the Cloud

Click here to view the article titled "SAS70 or SSAE16 or SOC - Which Report Should You Use?"

Click here to download RubinBrown's Service Organization Control Report brochure


Click here to read the AICPA article titled "A New Series of Reporting Options for Service Organizations"

Click here to view the AICPA presentation on SOC Reports

Click here to view the AICPA SOC Reports flyer

Click here to read an article on SSAE16/SAS70 from the Fall 2010 issue of Horizons

Click here to review frequently asked questions about the new service organization standards

Click here to read an article titled "Understanding How Users Would Make Use of a SOC2 Report"

Click here to read AICPA Service Organization Control Brochure

 

RubinBrown SOC Reference Guide and Diagnostic Checklist

Download the RubinBrown SOC Reference Guide and Diagnostic Checklist to determine what report is best for you and your company.

The RubinBrown SOC Reference Guide and Diagnostic Checklist includes the following:

  • RubinBrown SOC Diagnostic Checklist lists key questions you should ask yourself when determining which report to prepare.
  • Summary of the changes and a detailed description of the different reports.




Download your Reference Guide and Diagnostic Checklist here:
