SOC 1 Examinations

Often a service organization is requested to undergo a SOC 1 examination by customers or prospects that rely on the company’s services which impact financial and other reporting. The purpose is to provide assurance that the organization’s internal controls not only exist but are properly functioning. This provides user organizations with a level of comfort about the outsourced services provided. In other words, it provides customers and prospects with reassurance that your company’s processes will not adversely impact their financial reporting.

SOC 1 Certification Process

Our team works with management to outline the audit scope, identify critical controls to test, conduct a readiness assessment, map internal controls, review existing policies and procedures, perform risk assessments, and schedule the audit fieldwork. The process is infused with clear benchmarks, established deadlines, and features open communication with auditors. This approach creates a transparent process that results in the timely issuance of the SOC 1 report. The report serves as an attestation that the service organization’s internal controls are in place and operating effectively to safeguard client financial data.

SOC 1 Report Experience

PBMares has significant experience working with organizations to meet their SOC 1 reporting needs. Whether initiated by management or client request our seasoned team stands ready to assist. Our team has significant experience providing SOC 1 reports to several companies, including:

• Payroll Processors
• Loan Servicers
• Medical Claims Processors
• Data Centers (managing financial data)
• Accounting Software Providers
• Trust Departments
• Investment Advisors
• Other organizations tasked with managing critical financial functions for clients

Types of SOC 1 Reports

Depending on the reason for the report, an organization may need to conduct a SOC 1 Type 1 or a SOC 1 Type II examination. There are important differences between the two including: