You have a SOC 1r report - now what?

Identify pertinent information in a SOC 1 report and recognize its implications on risk assessment and audit procedures in accordance with GAAS when your client outsources services related to financial reporting to a service organization.

• Financial statement auditors (user auditors) with experience in performing a risk assessment and tests of controls.
• Those charged with governance (such as management and audit committee members) and internal auditors of entities that outsource services to service organizations.

• Recognize the importance of a SOC 1 report in a financial statement audit in compliance with applicable standards.
• Identify pertinent information in a SOC 1 report.
• Recognize how information in a SOC 1 report affects a financial statement audit.

• Audit considerations when your client outsources services and applicable guidance.
• Sections of a SOC 1r report, roles and responsibilities for each, and key information within each.
• Type 1 versus type 2 reports.
• Implications of complementary subservice organization controls and user entity controls on audit procedures.
• Implications of results of tests on controls on the financial statement audit.