Compliance Services
SOC 1 Reports Your Clients' Auditors Will Trust
When your clients' auditors request an SSAE 18 report, give them one from a firm enrolled in AICPA peer review with dual US-Swiss credibility. Type I and Type II reports delivered with the efficiency of a focused, specialist firm.
What Is a SOC 1 Audit?
A SOC 1 report is an independent auditor's assessment of a service organization's internal controls over financial reporting (ICFR), issued under SSAE 18 (US) or ISAE 3402 (international) standards. Conducted by licensed CPA firms, SOC 1 reports are the authoritative standard for organizations whose services directly affect their clients' financial statements.
SOC 1 reports are essential for payroll processors, claims administrators, loan servicers, financial services firms, data centers hosting financial applications, and any service organization whose operations impact client financial reporting. They provide the third-party assurance that external auditors, regulators, and enterprise clients require.
Auditsuisse is a US CPA firm enrolled in AICPA peer review with Swiss operations, giving our SOC 1 reports the credibility needed by both US and international stakeholders. We deliver Type I and Type II reports with the efficiency and precision that service organizations demand.
What's Included
Comprehensive SOC 1 Engagement
Control Environment Review
Thorough assessment of your internal control environment, including IT general controls and business process controls relevant to financial reporting.
Control Objective Testing
Detailed testing of each control objective and related controls to verify they are suitably designed and operating effectively.
Formal SOC 1 Report
Type I or Type II report issued under SSAE 18 standards by our licensed US CPA firm, with ISAE 3402 dual-reporting available.
Management Assertions
Guidance on preparing accurate management assertions and system descriptions that meet AICPA requirements.
User Entity Considerations
Clear documentation of complementary user entity controls (CUECs) to support your clients' own audit requirements.
Subservice Organization Guidance
Expert advice on the inclusive vs. carve-out method for subservice organizations within your control environment.
Our Process
From Planning to Report Delivery
Scoping
Define control objectives, identify in-scope systems, and establish the examination period and report type.
Preparation
Review system descriptions, assess control design, and identify any gaps requiring remediation before fieldwork.
Examination
Perform detailed testing of controls through inquiry, observation, inspection, and re-performance procedures.
Reporting
Issue the final SOC 1 report with our CPA firm's opinion, management letter, and recommendations for ongoing compliance.
Frequently Asked Questions
What is a SOC 1 report?
A SOC 1 report evaluates the internal controls at a service organization that are relevant to their clients' financial reporting. Issued under SSAE 18 (US) or ISAE 3402 (international) standards, SOC 1 reports help user entities and their auditors assess the impact of a service organization's controls on their financial statements.
Who needs a SOC 1 report?
Organizations that process transactions or provide services that affect their clients' financial reporting typically need a SOC 1 report. Common examples include payroll processors, claims processors, loan servicers, data centers hosting financial applications, and SaaS platforms that handle financial transactions or accounting data.
What is the difference between SOC 1 and SOC 2?
SOC 1 reports focus on controls relevant to financial reporting (ICFR), while SOC 2 reports focus on controls related to security, availability, processing integrity, confidentiality, and privacy. If your services affect your clients' financial statements, you likely need SOC 1. If clients need assurance over data security and operational controls, SOC 2 is the appropriate report.
Get Started
Get Your SOC 1 Timeline
Enrolled in AICPA peer review, our team delivers SOC 1 reports that satisfy auditors and regulators across jurisdictions.