Dallas, Texas (PRWEB) February 08, 2012

The SOC 1 vs. SOC 2 comparison and analysis is in full swing, thanks in large part to the introduction of the AICPA’s Service Organization Control (SOC) reporting platform, which has resulted in a number of significant changes to reporting on internal controls for service organizations. Additionally, the pronouncement of the SSAE 16 attest standard, which effectively replaced the aging SAS 70 auditing standard, has further intensified the SOC 1 vs. SOC 2 debate. If your organization is contemplating a SOC 1 or SOC 2 assessment, it’s vitally important you learn about the fundamental differences between these two reporting options and their impact on your organization.

One of the biggest issues with the AICPA’s Service Organization Control (SOC) framework is that of SOC 1 vs. SOC 2, more specifically, when and how to use each of these respective reporting options. While the AICPA made great strides in clearly defining the acceptable scope for each reporting option (i.e., SOC 1, SOC 2, and even SOC 3), some practitioners feel that the marketplace has not adopted the true technical merits of the SOC framework in its entirety.

Technically speaking, Service Organization Control (SOC) 1 reports are to be conducted in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, the AICPA “attest” standard used for reporting on “internal controls over financial reporting”, more commonly known as the ICFR concept.

Likewise, SOC 2 reports are to be conducted in accordance with AT Section 101, while utilizing the Trust Services Principles (TSP), of which there are five. Moreover, the SOC 2 reporting option was developed specifically for the growing number of technology and cloud computing services being offered by service organizations.

The result has been a large and continuing process in which service organizations are simply migrating away from the historical SAS 70 auditing standard and directly to the new AICPA SSAE 16 attest standard, with minimal interest being given to the SOC 2 AT Section 101 reporting option. But even if the SOC 2 reporting option never fully evolves as the AICPA had hoped, the SOC 1 SSAE 16 framework is still an excellent platform for any type of service organization, regardless of its relationship with the ICFR concept.

To learn more about SOC 1 and SOC 2 reporting, please visit the official SSAE 16 Resource Guide or contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706.

About NDB
NDB Accountants & Consultants (NDB) is a nationally recognized CPA and Advisory firm specializing in the field of regulatory compliance, ranging from SOC Reports (SSAE 16 and AT Section 101 for SOC 1 and SOC 2, respectively) and PCI DSS compliance to HIPAA, FISMA, and GLBA compliance, just to name a select few. The last decade has seen security, governance, and compliance issues permeate all layers of business, due in large part to the Sarbanes-Oxley Act of 2002 and various other state and federal laws and regulations. As such, NDB has been at the forefront of many of these compliance initiatives, developing highly efficient and cost-effective auditing methodologies, while providing first-class, resource-rich web portals for educational purposes, such as the highly acclaimed SAS 70 Resource Guide, the PCI DSS Resource Guide, and the ISAE 3402 Resource Guide.

###

Source Article from http://www.prweb.com/releases/2012/2/prweb9171696.htm
