SOC 1 Examinations
Johanson Group is a Certified Public Accounting (CPA) firm registered with the AICPA (American Institute of Certified Public Accountants) and is managed by many highly qualified partners with extensive experience in SOC audits.
Our team is dedicated to ensuring an anxiety-free audit experience for your organization.
SOC 1 Type 1 and Type 2
SOC 1 Type 1 Report
A Type 1 SOC 1 examination provides user-entities reasonable assurance of the design of the service organizations internal controls over financial reporting at a point in time.
Industries that can benefit from a SOC 1 Type 1 report:
Healthcare
Financial services
FinTech
SOC 1 Type 2 Report
A Type 2 SOC 1 examination provides reasonable assurance regarding both the design and operating effectiveness of the service organizations internal controls over financial reporting over a defined period of time (audit review period).
Industries that can benefit from a SOC 1 Type 2 report:
Cloud service providers
Data centers
Software as a Service (SaaS) providers
Our Process
The SOC 1 examination process involves a readiness assessment to prepare for the audit, the examination itself (Type 1 or Type 2), and the issuance of a report detailing control design or effectiveness, depending on the type of examination.
-
The process begins with a readiness assessment to evaluate the service organization's controls over financial reporting.
Define the scope of the examination by identifying the services and systems relevant to financial reporting.
Review and document the existing control environment, policies, and procedures.
Identify any control gaps or weaknesses and develop a plan to address them.
This step sets the foundation for the SOC 1 examination process.
-
For a SOC 1 Type 1 examination, an auditor assesses the design of controls at a specific point in time. They evaluate whether the controls are suitably designed to meet the stated objectives.
For a SOC 1 Type 2 examination, auditors assess the operating effectiveness of controls over a specified period (typically six months to a year). They test whether the controls were consistently applied and effective throughout the testing period.
Auditors perform detailed testing, including sample selection, interviews, and walkthroughs, to assess control effectiveness.
They document their findings and provide a report, which can be shared with clients or stakeholders.
-
After completing the examination, the auditor issues a SOC 1 report.
For a Type 1 report, this report outlines the service organization's controls and their design at a specific point in time.
For a Type 2 report, it includes details about the effectiveness of controls over the testing period and any identified issues.
The report is shared with the service organization's management and can be distributed to clients, stakeholders, and potential clients to demonstrate control and security measures in place.
We are a client-focused professional services firm in operation for eight years, providing audit and attestation services to businesses of all sizes worldwide!
Highly Skilled
With combined decades of experience working in the GRC world, our team has the experience and proven track record of delivering a seamless experience throughout your engagement with us.
Client-Centric
Every client is paired with our Customer Success team and a dedicated auditor whose goals are to make sure they receive fast and individualized service.
Efficient & Timely Report Delivery
From the time we begin the audit, our commitment to clients is they will have their final report in hand within 4 to 6 weeks.