Delivering on the Promise of SOC 1 compliance.

Achieve compliance and gain market share. Stop redundant customer audits. Gain a partner who understands your industry and the regulatory pressure you face. Skoda Minotti's audit specialists will design a customized process to help your organization through the SOC 1 process from start to finish, benchmarking and comparing internal controls against industry best practices.

Understanding SOC 1 and SSAE 18. On May 1, 2017, the SSAE 16 standard was effectively replaced by SSAE 18. Organizations that were previously required to perform a SSAE 16 will continue to undergo the same process, but, rather than referring to the audit by the standard name (SSAE 18), it will now be officially referred to as a SOC 1 Report. The SOC 1 Report was always the final product of the audit, however, there was confusion in terminology throughout the marketplace that the AICPA has resolved in this latest update.  

Besides the terminology clarification, there are a few other material updates which service organizations should take note of, including: 

  • The performance of an annual risk assessment to identify potential threats to internal controls.
  • Formal examination of third party vendors (subservice organizations) and their controls which support the operation of the system.
  • The addition of a new section to the SOC 1 report, specifically defining the controls which are outsourced and the responsibility of a subservice organization.

If security, confidentiality, availability, processing integrity, or privacy are critical concerns, a SOC 2 report may be more appropriate for your needs.

Want more information on the transition from SSAE 16 to SSAE 18 ? Click here to learn more.

Why Skoda Minotti Risk Advisory Services? We’re a full-service advisory firm with niche practice experience—and we are easy to work with. Our creative, talented consultants are committed to implementing the latest technology to build efficiencies. With more than 30 years of proven history in our field, we bring time-tested solutions and the latest innovations to your company, to provide an efficient and collarborative audit process.

Benefits of a SOC 1 report. SOC 1 provides service organizations an independent audit report to provide clients reasonable assurance their controls are in place and operating effectively. Rather than fielding multiple sets of auditors throughout the year, you have one set of independent auditors who understand your business operations reviewing your controls. At the completion of the audit, a SOC 1 report is issued, which, can then be provided customers and to potential customers during RFP processes. The SOC 1 report replaced the former SAS 70 in June 2011 with the introduction of SSAE 16, and, has evolved to enhance the report’s overall quality and usefulness with the latest updates in SSAE 18. Skoda Minotti has a team dedicated to helping you work through these details and achieve compliance.

Gain Compliance. One Up the Competition. Give customers confidence that your service organization meets the highest global standards for internal controls. Differentiate your company from competitors. Eliminate additional customer audits and self-assessment questionnaires. Gain instant credibility, the potential to grow your market share, and the ability to independently assess controls.

SOC 1 Examination Services:

  • SOC 1 Readiness Assessment. Preparing for your first SOC 1 audit? This is where we’ll start. Skoda Minotti conducts readiness assessments for organizations that are new to SOC 1.
  • SOC 1 Transition Services. Ensure compliance with new SSAE requirements as you move from SAS 70 compliance to this updated standard.
  • SOC 1 Type I. You have policies and procedures in place, but need to gain a better understanding of SOC 1. A Type 1 engagement prepares an organization for the Type II report, and provides an assurance report on the design of internal controls as of a specified date.
  • SOC 1 Type II. Earn the highest level of assurance for SOC 1. Type II reports are the de facto standard for using a third party assurer like Skoda Minotti and involve inquiry, observation, inspection and performance testing of internal controls.

Your Guide. Which SOC report does your company need? Click below to get your free reference guide.

Questions? Contact Ben Osbrach and he’d be glad to help.

Ben Osbrach, CISSP / CISA / QSA