Understanding Your SOC 1 Report: What is a Gap Analysis?

by Joseph Kirkpatrick / December 11th, 2017

A gap analysis is designed to prepare organizations for an audit. If it’s your first time going through an audit (SOC 1, SOC 2, PCI, HIPAA, HITRUST CSF, etc.), KirkpatrickPrice strongly recommends a gap analysis. This is a process of discovery, a chance to find areas of weakness, and an opportunity to gain industry insight. A gap analysis is not an audit. This process will examine your internal controls in…

Understanding Your SOC 1 Audit Report: What are Control Objectives?

by Joseph Kirkpatrick / November 29th, 2017

What are Control Objectives and How are They Used in a SOC 1 Audit Report? A key aspect of a SOC 1 audit report is the concept of control objectives. Control objectives are a series of statements that address how risk is going to be effectively mitigated. According to the PCAOB, “A control objective provides a specific target against which to evaluate the effectiveness of controls. A control objective for…

Understanding Your SOC 1 Audit Report: What is an Assertion?

by Joseph Kirkpatrick / November 15th, 2017

What is an Assertion? One of the things that management must provide to the auditor as part of a SOC 1 engagement is an assertion. What does that mean? What is an assertion? In our everyday life, an assertion is a confident statement of fact or belief. In the world of auditing, assertions are still confident statements of fact or belief, but with a twist. Assertions are claims made by…

Will I Pass a SOC 1 Audit? What if I Fail The Audit? Reasonable Assurance Explained

by Joseph Kirkpatrick / September 29th, 2017

Organizations put valuable resources into completing SOC 1 audits: time, money, people, technology, and more. We know that a SOC 1 audit can often make or break our clients’ business, and we don’t take that lightly. When someone asks us, “Will I pass a SOC 1 audit? What if I fail the audit? What happens if I fail?”, we want to give them the best explanation…

Do I need a SOC 1 Type I or a SOC 1 Type II Report?

by Joseph Kirkpatrick / September 22nd, 2017

When considering having a SOC 1 audit performed, there are two different report options available. Knowing whether you need a SOC 1 Type I or a SOC 1 Type II report will depend on your client's needs and timing constraints. What’s the difference between a SOC 1 Type I and a SOC 1 Type II report? A SOC 1 Type I and a SOC 1 Type II both report on…