
Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (SOC 1®) (2025)
This attestation guide is designed to help CPAs (service auditors) perform a SOC 1® examination under AT-C section 320.
Format
E-book
Availability
Lifetime
Product Number
AAGASO25E
Publication Date
2025
This guide is also available in a print edition.
In collaboration with Mimeo, this guide is available via print-on-demand. You’ll be passed onto the Mimeo website to complete your transaction. If you have questions about the Mimeo website or your order, email help@marketplace.mimeo.com or call (901) 566-8900.
To purchase the online subscription of this guide, go here.
Guidance for a SOC 1® engagement
This guide is a critical resource for practitioners engaged to examine and report on a service organization’s controls over the services it provides to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting (that is, a SOC 1® engagement).
This guide assists practitioners in:
- Planning and performing a SOC 1 engagement
- Understanding how a user auditor uses a type 1 or type 2 report
- Reporting on the engagement
This guide also contains:
- Guidance on procedures the practitioner performs in this engagement and the report the service auditor issues.
- Numerous illustrative paragraphs that would be added to the service auditor’s report when the service auditor qualifies or disclaims an opinion.
- Guidance for reporting when the service organization presents a subservice organization using the inclusive method or the carve-out method.
Recent updates
This edition of the guide has been revised to:
- Include updates from SAS No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
- Provide further understanding of several topics, such as subservice organizations, software-as-a-service providers, and the reasonableness of control objectives.
- Add examples of procedures the service auditor may perform.
- Add an example of a separate paragraph that would be added to the service auditor's report when a description of key system outputs is omitted.
- Identify additional resources that may be helpful to service auditors.
Who Will Benefit
- Service auditors performing a SOC 1® engagement.
- Auditors of the financial statements of entities that use a service organization.
Key Topics
- Service auditors performing a SOC 1® engagement.
- Auditors of the financial statements of entities that use a service organization.
Group ordering for your team
2 to 5 registrants
Save time with our group order form. We’ll send a consolidated invoice to keep your learning expenses organized.
Start order6+ registrants
We can help with group discounts. Email client.support@aicpa-cima.com
US customers call 1-800-634-6780 (option 1)