SOC 1 Reports

At Tanner, we recognize the significance of financial-statement integrity. Our SOC 1 audit services are designed to help organizations demonstrate their commitment to supporting their client’s internal control over financial reporting.

Whether for the first time or for an ongoing journey, navigating waters such as SOC can be a daunting task, even for the largest of enterprises. A SOC report is likely the most comprehensive document a company will prepare to provide its customers detailed insight into its operations, policies, procedures, and certain accompanying controls.

But don’t fret, as your trusted advisors, we work closely with you to understand your business processes, systems, and associated control environment. Our team of experienced professionals, including CPAs and IT assurance specialists, will guide you through the SOC 1 audit process with meticulous attention to detail and expertise. We provide comprehensive resources, tailored education, and proactive consultation to ensure your readiness for the audit. Using industry-accepted methodologies, we conduct thorough examinations to assess the effectiveness and reliability of your internal controls. With our SOC 1 audit services, you will gain valuable insights, instill confidence in your customers, and meet applicable compliance and reporting objectives.

Discover how we can strengthen your organization’s process and control posture by exploring our SOC 1 services below.

What is a SOC 1?

System and Organization Controls (SOC) is a suite of service offerings developed by the AICPA.  A SOC 1 engagement is designed to provide management of the service organization (your company), user entities (your customers), and the independent auditors of user entities’ financial statements with information and a services auditor’s opinion (that’s us) about controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting.

In English, SOC 1 reports provide insight into the design and operating effectiveness of a service organization’s controls that could likely have an impact on their customer’s internal control over financial reporting.

Who needs a SOC 1?

Is your organization a service provider that processes financial-related transactions (such as payroll transactions or medical claims) or provides services that impact the financial-statement reporting of your clients? If so, you are a great candidate for a SOC 1 report.

Some examples of service organizations whose services likely impact customer’s internal control over financial reporting, and are thus great candidates for a SOC 1 report, include:

• Application service providers (whose applications are used by customers somewhere in the financial reporting cycle)

• Claims processors (e.g., medical, Rx)

• Credit card payment processors

• Defined contribution plan recordkeepers and third-party administrators

• Investment managers

• Payroll processors

• Transfer agents

A SOC 1 report, which is the deliverable after completion of an audit, is typically required by your customer’s financial auditors, which they use in their audit of the customer’s financial statements. The SOC report provides these “user-entity auditors” important information regarding processes, risk, and controls affecting the complete, accurate, and timely processing and reporting of transactions and balances relevant to user entities’ internal control over financial reporting.

By undergoing a SOC 1 assessment, you will set yourself apart from your competition and signal to your customer’s that you are sound stewards of internal controls.