SOC1 Examinations

Building trust and transparency for your clients
 
"Trust is built in very small moments."
Brené Brown
 
Image

Are potential investors asking for assurances related to your operational controls?  Are you able to clearly and definitively communicate these efforts to your key business partners, existing clients, and regulators?  SOC for Service Organization reports are internal control reports, which independent CPAs provide, to convey valuable information your users need to assess the effectiveness of your internal control structure, helping to build trust and transparency.  Undergoing a SOC1 examination helps reduce the compliance burden on your firm by meeting the needs of multiple users through one widely recognized report.  The partners at AAG have over 10 years of experience providing these types of control reports for investment management firms.  Whether you are new to the SOC process or have been receiving a SOC examination for years, let the experienced team at AAG save you time and resources. 

Within the SOC1 exam, there are two types of reports a CPA firm can issue.  Which type you choose is typically driven by the needs of your users.

Type 1 Exam

A SOC1 Type 1 examination provides users with assurances related to the operating design of a firm’s system of controls as of a point in time. It also opines on the fairness of the firm’s description of system which is included as part of the SOC1 report. A Type 1 exam is usually a good starting point for a firm new to the SOC1 examination process.

Type 2 Exam

A SOC1 Type 2 examination provides users with the same assurances as a Type 1. In addition, the operating effectiveness of the controls are tested over a period of time, typically 6-12 months.  A Type 2 exam is usually what users expect when asking for a SOC1 report.  Many firms will start with a Type 1 with the expectation of moving to a Type 2 to meet the contractual needs of their client reporting requirements.

Because a Type 2 examination includes testing the operating effectiveness of key internal controls over operational areas of the firm, some firms will place reliance on the report results to help alleviate some of the testing responsibilities placed on the Compliance Department as part of their ongoing forensic testing under Rule 206(4)-7.

Readiness Assessment

For firms not quite ready to undergo a Type 1 or Type 2 examination, we offer a SOC1 readiness assessment. A readiness assessment allows us to walk through your processes and help you to identify your key controls, along with any control or documentation gaps. Our management report provides an outline of your key controls, along with a step-by-step plan for implementing corrective measures and best practices, to ensure your future Type 1 or Type 2 exam goes smoothly.
Image

Start The Process Today

Get Started