Instructor
Blaise is a Director at A-LIGN and has over 15 years of experience in Security Compliance and Risk Management. He joined A-LIGN in 2013 and started the HITRUST/HIPAA and Healthcare Services practice in 2015. With a unique background as a CPA, CISA and CCSK, Blaise has performed over 500 SOC attestation reviews and over 300 HITRUST/HIPAA assessments for Global 1000 and Fortune 500 clients in various industries. Blaise is also a sought-after speaker and has delivered several speaking engagements at renowned conferences such as HIMSS, HITRUST, and ISACA. Blaise has also written dozens of blogs and whitepapers on the topics of Security Compliance, Telemedicine, Blockchain technology, and Third-Party Risk Management. Prior to joining A-LIGN, Blaise was a Senior Consultant at Century Payments, Inc., and an Advisory Associate at KPMG.
Organizations that provide services to other entities need a way to manage risks associated with outsourcing those services. The original standard for reducing that risk was known as a SAS 70 Attestation, which was performed by a CPA. The result was a report used to demonstrate the effectiveness of internal controls over financial reporting. Organizations began to use the report as evidence that a vendor was secure and safe to work with. When the SSAE 16 report was introduced, it was renamed Systems and Organization Controls 1 (SOC 1) and continued to address financial criteria. SOC 2 was created at the same time to specifically address security, privacy, availability, integrity, and confidentiality: in other words, everything else that doesn't affect financial reporting.
If your organization hosts financial information or has a system or process that impacts the financial statements of a client, then SOC 1 is for you. If you are a third-party provider with a system used by other organizations, a SOC 2 Attestation could be requested from you. It's not uncommon to need both SOC 1 and SOC 2 Attestation reports. Investors, auditors, business partners, vendors, clients, and prospects are examples of parties that will typically rely on the SOC 1 and/or SOC 2 Attestation reports. Software vendors, payroll providers, collection companies, data centers, cloud providers, managed service providers, CPA firms, HR firms, law firms, and consulting firms, just to name a few, are examples of organizations that might be required to perform a SOC 1 and/or SOC 2 Attestation.
In this webinar, attendees will learn more about how to get ready for a SOC 1 and SOC 2 assessment and how to use the reports.
1. Why SAS 70 evolved into SOC 1 and SOC 2 audit reports.
2. Why partners, investors and vendors ask for SOC audits.
3. What types of organizations are good candidates for SOC audits.
4. How to prepare for SOC audits.
5. How stakeholders should use the reports.
SOC 1 and SOC 2 Attestation Engagements
None
None
CPAs that issue, use or rely on SOC 1 and/or SOC 2 Attestation Reports
Investors or other stakeholders that rely on SOC 1 and/or SOC 2 Attestation Reports