A SOC 1 report – prepared according to the American Institute of Certified Public Accountants’ (AICPA’s) Statement on Standards for Attestation Engagements (SSAE) No. 16 – describes a service organization’s internal controls over financial reporting (ICFR). Two types of SOC 1 reports exist:
- SOC 1, Type 1 Report. It informs the organization’s clients (users) and users’ accountants that its internal controls are accurately described, in place, and structured to accomplish its financial control objectives.
- SOC 1, Type 2 Report. This report goes further than the Type 1 Report and informs the reader about the operating effectiveness of the controls during a defined period. The Type 2 report also thoroughly describes the auditors’ procedures and results of the verification tests.