Understanding Your SOC 1 Audit Report: What is an Assertion?
by Joseph Kirkpatrick / November 15th, 2017
What is an Assertion?
One of the things that management must provide to the auditor as part of a SOC 1 engagement is an assertion. What does that mean? What is an assertion?
In our everyday life, an assertion is a confident statement of fact or belief. In the world of auditing, assertions are still confident statements of fact or belief, but with a twist. Assertions are claims made by management regarding certain aspects of their business. An assertion is comprised of management’s description of the system that you’re providing as a service to your clients. This assertion will provide a detailed description of how the system is designed and operating, and the auditor must determine if this is fairly presented in the audit report. For a SOC 1 audit, assertions are related to a company’s financial statements.
Types of Assertions
Auditors rely upon a variety of assertions regarding a company. Assertions will fall into one of the following categories:
- Assertions Related to Transactions –Â This type of assertion could be related to the occurrence of a transaction, the completeness of transactions, the accuracy in recording transactions, the cut-off date of accounting periods, and the classification of transactions.
- Assertions Related to Account Balances – Assertions of this type focus on assets, liabilities, and equity balances at the end of a period. These assertions will be related to the existence of assets, liabilities, and equity balances at the end of a period, the completeness of the recording account balances in financial statements, the rights and obligations of the entity, and the valuation of assets, liabilities, and equity balances.
- Assertions Related to Presentation and Disclosures – Assertions in this category highlight how information like transactions, balances, and other events are presented within financial statements. Assertions will relate to the occurrence of transactions and events disclosed in financial statements, the completeness of transactions and events disclosed in financial statements, the classification and understandability of transactions and events disclosed in financial statements, and the accuracy and valuation of transactions and events disclosed in financial statements.
Testing Assertions
Assertions must be validated by auditors during a SOC 1 engagement. If an assertion states that the salaries and wages of all employees have been accounted for, then an auditor will test to ensure this. Reviewing documentation is a major part of an auditor’s testing. An auditor, for example, might follow your organization’s procedure for checking the occurrence of transactions. If the result of the procedure doesn’t match the assertion, this is an issue.
More questions about SOC 1 audits? Want help demonstrate to your clients your commitment to security and compliance? Contact us today.
One of the things that management must provide to the auditor as part of a SOC 1 engagement is an assertion. The assertion is comprised of management’s description of the system that you’re providing as a service to your clients. This assertion will provide a detailed description of how the system is designed and operating, and the auditor must determine if this is fairly presented in the audit report.
