As defined by AICPA, Service Organizations Control reports are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service. Statement on Auditing Standards (SAS) # 70, that was being used since 1992 for reporting on service organizations has now been replaced by two new standards:
• Statement on Standards for Attestation Engagements (SSAE16) for
reporting on controls for financial statement audits.
• Attestation Engagements (Section 101) for reporting on controls related
to compliance or operations.
According to AICPA, there are three types of SOC organization (SOC1 through SOC3). For clarification of applicable auditing standards for each types of SOC, please refer to the following table:
New Standards & Options |
Service ORG
CONTROL 1 (SOC 1) |
|
Service ORG
CONTROL 2 (SOC 2) |
|
Service ORG
CONTROL 3 (SOC 3) |
SSAE 16-Service auditor guidance |
|
AT 101, Attestation Engagement |
|
AT 101, Attestation Engagement |
Restricted Use Report
(Type I or II report) |
|
Restricted Use Report
(Type I or II report) |
|
General Use Report
(Type I or II report) |
Reports on controls for F/S audits |
|
Reports on controls related
to compliance or operations |
|
Reports on controls related
to compliance or operations |
|
|
Trust Services Principles & Criteria |
SOC Readiness & Maintenance Services:
We provide SOC readiness implementation services including annual maintenance and testing of controls. As part of these services, we assist Services Organizations to accomplish the following:
• Risk Assessment
• Design and implementation of controls to address identified risks
• Walkthroughs and Testing of operating effectiveness of controls
for Type II reports
• Assistance in preparation of:
— Policies and Procedures and process narratives
— Preparation of description of services being provided including controls
implemented and results of testing (for Type II) for presentation to
user organizations
|