Assurance and Advisory Services

Browse

By Topic

... Click to view more

[x]

By Document Type

... Click to view more

[x]

Member Only Content

AICPA Membership (4)

By Date

Service Organization Control (SOC) Reports

Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.



CPAs	Users	Service Organizations
Provides information to user auditors and service auditors on understanding and performing SOC engagements.	Provides information to user entities on how to mitigate the risks associated with outsourcing services.	Provides information to service organizations on building trust and confidence in their systems.

SOC Guides

	Service Organizations: Applying SSAE No. 16, Reporting on Controls at a Service Organization Guide (SOC 1) The SOC 1 guide is designed to assist CPAs in transitioning from performing a service auditor’s engagement under Statement on Auditing Standards (SAS) No. 70, Service Organizations, to doing so under Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, which replaces the guidance for service auditors in SAS No. 70.
	Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2^SM ) Updated as of March 1, 2012, the SOC 2 guide provides “how-to” guidance for service auditors performing examinations under AT section 101, Attest Engagements (AICPA, Professional Standards), to report on a service organization’s controls over its system relevant to security, availability, processing integrity, confidentiality, or privacy. It includes a new comprehensive illustrative type 2 SOC 2 report and expanded information on unique challenges and risks service auditor will encounter in performing SOC 2 or SOC 3engagements for cloud computing service organizations.

SOC Resources
	SOC Reports, Logos, FAQs, Brochure & Peer Review Requirements SOC 1 SOC 2 SOC 3 SOC Logos SOC FAQs: Technical Practice Aids TIS Section 9520 and TIS Section 9530 SOC Brochure SOC Privacy Resource SOC Toolkit for Firms SOC Toolkit for Service Organizations Peer Review Requirement

SOC Publications
	Attestation Standards The Codification of Statements on Standards for Attestation Engagements contains all Statements on Standards for Attestation Engagements up to and including SSAE No. 16, Reporting on Controls at a Service Organization.
	Quick Reference Guide to Service Organization Control Reports The Quick Reference Guide to Service Organization Control Reports is designed as a marketing and communications tool to help build your practice. This guide acts as a “take-away” that you can provide to your clients as a ready reference to service organization reporting controls. It educates your clients on the fundamental information they need to know about service organization reporting controls and what options are available to them.
	Using an SSAE No. 16 Service Auditor's Report (SOC 1 Report) in Audits of Employee Benefit Plans This practice aid, Using an SSAE No. 16 Service Auditor’s Report (SOC 1 Report) in Audits of Employee Benefit Plans, provides auditors with guidance when auditing the financial statements of an employee benefit plan that uses a service organization.

SOC CPE
	SOC School: Conducting Successful Engagements SOC School is designed to educate CPA practitioners who want to learn how to provide best in class services related to the effectiveness of controls at a service organization that impact their clients internal controls over financial reporting (SOC 1), and controls at a service organization related to information privacy, security, confidentiality, availability and processing integrity (SOC 2 and SOC 3). CPA Practitioners who attend the SOC school will gain a deeper understanding of Service Organization Control Guidance, common practice issues, and will leave with the foundational knowledge to effectively perform these engagements. Upcoming 2013 SOC Schools: *Colorado Society of CPAs, Denver, CO - May 15-17, 2013* *Maryland Association of CPAs, Columbia, MD - July 15-17, 2013* Visit http://www.cpa2biz.com/soc to learn more.
SOC Webcasts
	Service Organization Control Reports: Reporting After SAS 70 Service Organization Control Reports: A Closer Look at SOC 1 Engagements Service Organization Control Reports: A Closer Look at SOC 2 and SOC 3 Engagements Service Organization Control Reports: What Companies and Customers Need to Know

SOC Articles and Blog Posts
	Articles Explaining SOC: Easy as 1-2-3 What CPAs need to know about Service Organization Controls reports. Expanding Service Organization Control Reporting SOC 2 reports offer CPAs new opportunities to address clients' needs. Cloud Computing This article explains the history and future of the cloud, helps you understand the potential benefits and risks of cloud computing and discusses how SOC reports can mitigate those risks. Replacing SAS 70 New standards for engagements involving outsourcing. Blog Posts 4 Things to Know About Performing and Reporting on SOC Engagements Here are four key queries and their answers to help you better understand SOC engagements. SOC Engagements: How to Get in the Game Find tips on how you can start a SOC practice. Press Releases SOC for Cloud Service Providers Cloud Security Alliance (CSA) endorses SOC reports for evaluating controls over cloud service providers.

SOC Articles and Blog Posts

Articles

Explaining SOC: Easy as 1-2-3
What CPAs need to know about Service Organization Controls reports.

Expanding Service Organization Control Reporting
SOC 2 reports offer CPAs new opportunities to address clients' needs.

Cloud Computing
This article explains the history and future of the cloud, helps you understand the potential benefits and risks of cloud computing and discusses how SOC reports can mitigate those risks.

Replacing SAS 70
New standards for engagements involving outsourcing.

Blog Posts

4 Things to Know About Performing and Reporting on SOC Engagements
Here are four key queries and their answers to help you better understand SOC engagements.

SOC Engagements: How to Get in the Game
Find tips on how you can start a SOC practice.

Press Releases

SOC for Cloud Service Providers
Cloud Security Alliance (CSA) endorses SOC reports for evaluating controls over cloud service providers.


AICPA Senior Vice-President Arleen Thomas, CPA, explains the new SOC reports. Also check out: AICPA President & CEO Barry Melancon, CPA, gives an overview of the new initiative to assist CPAs with SOC reports.

AICPA Senior Vice-President Arleen Thomas, CPA, explains the new SOC reports.

Also check out:
AICPA President & CEO Barry Melancon, CPA, gives an overview of the new initiative to assist CPAs with SOC reports.