Learn about the AICPA SOC 1 and SOC 2 reporting options for today's service organizations
San Jose, CA (PRWEB) September 14, 2012
The SOC 1 vs. SOC 2 debate has been gaining quite a bit of attention lately, largely due to the emergence of the AICPA Service Organization Reporting (SOC) framework, which includes SSAE 16 Type 1 and Type 2 reports, along with using the little-known AT 101 professional standard for SOC 2 (and SOC 3) reporting. And SSAE 16 has shot out of the gate to become the global de facto standard for reporting on controls at service organizations, but SOC 2 can be a viable reporting option. As such, take note of the following 5 important points regarding SOC 1 vs. SOC 2, provided by NDB Accountants & Consultants, a nationally recognized PCAOB CPA firm specializing in SOC reporting.
1. Professional Standards: While the SOC 1 reporting platform uses the well-known SSAE 16 standard, SOC 2 relies on the little-known AT 101 professional standard. As a service organization, if SOC 2 is on the radar, then take time to learn about AT 101.
2. AICPA Publications: The AICPA has published material specifically devoted to both SOC 1 and SOC 2 reporting. It's a good idea to order from the AICPA website as these publications can help service organizations effectively plan for SOC 1 and SOC 2 assessments from a PCAOB CPA firm, such as NDB Accountants & Consultants.
3. Intended Subject Matter: While SOC 1 SSAE 16 assessments are technically geared towards service organizations having a credible "nexus" with the ICFR concept, SOC 2 reporting focuses on the growing technology oriented service organizations and platforms, such as cloud computing, Software as a Service (SaaS), data centers managed service providers, and others.
4. Intended Users of Reports: As for SOC 1 SSAE 16 reports, the "external financial statements auditor’s of the user organization's financial statements, management of the user organizations, and management of the service organization" are the intended users. And as for SOC 2 reports, intended users are the "Relevant parties that are knowledgeable about the services provided by the actual service organization" and that they have a true and credible need for utilizing a SOC 2 report.
5. Conclusion: The SOC 1 vs. SOC 2 debates is sure to continue for many years to come, that's why it's important to gain a comprehensive understanding of the aforementioned issues discussed. There may very well be a shift towards SOC 2 reporting for many of today's technology oriented service organizations, but only time will tell.
NDB Accountants - A nationally recognized PCAOB CPA firm specializing in SOC reporting.
Contact Charles Denyer at 1-800-277-5415, ext. 705 or Christopher G. Nickell at 1-800-277-5415, ext. 706 to learn more about our competitive, fixed fee rates.