SERVICE ORGANIZATION ENGAGEMENTS
The Ever Changing Control EnvironmentSYSTEM AND ORGANIZATION CONTROLS (SOC) SERVICES
SOC 1 REPORT: WHAT IS IT?
Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR). Whether you represent a law firm, a medical office, or another entity responsible for sensitive/confidential information, most service organizations use cost intensive transaction processing systems to manage payroll, sales, and day-to-day operations. SOC 1 reports explore an organization’s methods and processes and identifies potential weaknesses. A SOC 1 report is prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. This is specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements. SOC 1 is a report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description. Within this engagement, there are two types: Type 1 – Reports on the design of controls as of a specified date. Type 2 – Reports on the effectiveness of controls throughout a specified time period. Use of these reports is restricted to the management of the service organization, user entities, and user auditors (not potential customers). However, the organization may indicate on its website and marketing materials that it has undergone a SOC 1 engagement.SOC 2 REPORT: WHAT IS IT?
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy. Our team provides a report on user organizations’ internal controls related to security, availability, processing integrity, confidentiality and/or privacy using Trust Service Principles. We provide actionable insights to help organizations enhance their internal control environment, and help companies provide transparent controls-related information to customers and other stakeholders. These reports, prepared in accordance with Trust Services Principles (TSP) Section 100, Trust Services for Security, Availability, Processing Integrity, Confidentiality, and Privacy or other authoritative criteria, are specifically intended to increase confidence in a service organization’s systems. Included in a SOC 2 report is a description of the service organization’s controls, listing of tests performed by the service auditor, and results of those tests. Just like SOC 1 reports, SOC 2 reports can either report on the design of controls as of a specified date (Type 1) or the design and operating effectiveness of controls for a period of time (Type 2). However, SOC 2 reports specifically address one or more of the following five key system principles:- Security – The system is protected against unauthorized access (both physical and logical).
- Availability – The system is available for operation and use as committed or agreed.
- Processing integrity – System processing is complete, accurate, timely, and authorized.
- Confidentiality – Information designated as confidential is protected as committed or agreed.
- Privacy – Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
POTENTIAL BENEFITS
These reports are designed to be actively utilized by the management of the service organization, user entities, prospective user entities, and regulators. SOC 1 and SOC 2 reports can provide:
|
|
We invite you to CONTACT US if you would like additional information or to discuss your particular business needs.
RECENT POSTS

Bowman’s Managing Partner Receives Distinguished Service Award
The annual convention of the New Jersey Society of Certified Public Accountants (NJCPA) is a chance for industry professionals to connect, learn, and discuss the future of the profession. It’s also an opportunity for the Society’s leadership to be visible and...

Local Students Receive 2025 Bowman Scholarships
On April 24, 2025, the New Jersey Society of Certified Public Accountants (NJCPA) hosted their annual scholarship award ceremony. In total, 40 students were provided scholarships. Firms that are associated with the NJCPA are given the opportunity to contribute to the...

Local Accounting Class Takes Trip to Bowman HQ
On May 2nd, students enrolled in accounting classes from Lenape High School toured Bowman & Company LLP’s Voorhees office. This is the second hosted field trip for Bowman, and we couldn’t be happier with the turnout. 28 students interacted with Bowman staff,...