Understanding Your SOC 1 Report
Your service organization may need a SOC 1 report because your client or regulatory body is requesting it, or maybe because you’re being proactive with information security and compliance. A SOC 1 report demonstrates to your clients that you take the security of sensitive data seriously: you’ve hired a third-party auditing firm to validate your controls, you’ve gained assurance, and you’ve matured your environment, all of which assure your clients that their sensitive information is being protected.
There’s a lot to understand about a SOC 1 report, though. If you feel overwhelmed but want to educate yourself on SOC 1 audits, these videos will empower you to understand your SOC 1 report. Joseph Kirkpatrick will walk you through components such as scoping, gap analysis, choosing an audit period, sampling, control objectives, assertions, and more. Choose a video below to begin learning.
Understanding Your SOC 1 Report: The 5 Components of Internal Control
By Joseph Kirkpatrick
The framework utilized for a SOC 1 audit is known as the COSO Internal Control Framework. It’s one of the most common models used to design, implement, maintain, and evaluate internal control. To have an effective system of internal control, the COSO framework requires that service organizations have the defined components of internal control present, functioning, and supporting business and internal control objectives. Control environment, risk assessment, information and communication, monitoring, and existing control activities make up the five components of internal control, known by the acronym CRIME.