SOC 1 reports will be geared towards service organizations that are reporting on controls relevant to internal control over financial reporting (ICFR). As such, SOC 1 Reports will be conducted in accordance with the professional standard known as Statement on Standards for Attestation Engagements (SSAE) No. 16, simply known as SSAE 16.
Additionally, an accompanying SSAE 16 audit guide will be released in early 2011 to help auditors perform these engagements. In simpler terms, the SOC 1 reporting framework will use the newly released SSAE 16 standard as the professional standard for issuing these reports, resulting in two (2) types of SOC 1 reports, a Type 1 and a Type 2. This is very similar to the reporting that took place for SAS 70, where a service organization was either issued a SAS 70 Type I or a SAS 70 Type II. Please note that the intent of SOC 1 reports (either a Type 1 or a Type 2) is what the original SAS 70 standard was designed for, but strayed heavily from- reporting on controls relevant to internal control over financial reporting (ICFR). The advent of SOC 2 reports (and also SOC 3) should be used for all parties reporting on controls outside of that related to financial reporting.
Common examples of service organizations that would be candidates for the SOC 1 reporting framework are trust departments, registered investment advisors, (RIA), employee benefit plans, actuary services, and many other types of organizations that provide outsourcing service functions to user entities, for which the controls are relevant to the user entities' internal controls related to financial reporting. As a service organization, you'll need to ask yourself as to which particular SOC reporting framework do you fall under and what measures have you taken to communicate with your clients on their reporting needs?
For professional guidance on these matters, trust NDB Accountants & Consultants, a nationally recognized, PCOAB CPA firm specializing in regulatory compliance. Additionally, you can speak directly with Chris Nickell, CPA, at 1-800-277-5415, ext. 706 regarding your reporting needs. Additionallly, learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.