Backing Up Your Customers’ Financial Statement Assertions
When the service you provide a customer impacts their financial statements, they want to know that your controls are solid. In the same way, your customer’s financial statement auditor needs assurance that you have sound internal control practices. Your ability to provide such an assurance can impact your ability to land and retain those customers.
Publicly traded companies as well as those with regulatory requirements, like companies in the finance or health care industries, are required to get a SOC 1 / Statements on Standards for Attestation Engagements (SSAE) 18 report from you. If you are getting requests from your customers regarding your internal controls, a SOC 1 report is the documentation they need to demonstrate that you have effective internal controls in place.
There are two types of SOC 1 reports available:
- SOC 1, Type I – A look at whether controls are properly designed, in place and documented as of a certain point in time.
- SOC 1, Type II – A look at whether controls are properly designed, in place and documented across a period of time. This is the report auditors believe provides the assurance needed over the outsourcer’s finances.
SOC 1 reports are restricted. This means that the service organization (you), user entity (your customer) and user entity’s auditor are the only ones who can use this report.
SOC 1 / SSAE 18 Experience: We’ll use our strong internal control background and vast industry experience to assess your situations and help you determine your best next step. Our SOC team has documented and tested accounting processes for public and private companies as well as nonprofit organizations. In addition, we performed many Statement on Auditing Standards (SAS) 70 audits before they evolved into the current Statements on Standards for Attestation Engagements (SSAE) 18 / SOC 1 reporting process.
When you get requests for a SOC 1 report, contact us to see which version you need and how we can help. If you are new to SOC reporting, our SOC FAQs can answer some of the questions you have and provide additional details on the reporting.