CPAs Outsource SOC 1 Audits

Financial audits may need to include SOC 1 Type 2 audits of any service organizations involved.

 Summary

  • User financial auditors have the option of outsourcing SOC 1 audits
  • SOC 1 audits in support of user auditors auditing accounting data increases assurances of reliable financial status.

CPAs performing financial statement audits have the option to outsource a SOC 1 audit of their client’s information technology data controls to provide their client with a higher level of confidence in the financial report. As more companies begin to comply with new AICPA standards for auditing information technology systems, it will become necessary for them to require SOC 1 Type 2 audits of IT systems as validation of the accuracy of the accounting data used in their financial statements and compliance with the new control standards. Users of information technology that can provide assurances to their customers and other service organizations today are being sought out by others that have been certified.

The auditing team at Integrated Accounting Services LLC provides SOC 1 reports for CPA  firms to assist auditors in providing assurances to their clients that their reports are based on validated data.  The team leaders are CPA.CITP  approved with experience in both accounting audits and IT systems audits.

The team also performs SOC 2 audits and issues SOC 3 certificates of compliance for financial institutions, service organizations and others using systems when security, availability, processing integrity, confidentiality  and privacy are required.

To provide a professional solution for these new standards the team at Integrated Accounting Services (IAS) performs audits for service organizations and their clients during the same testing period where possible.  IAS’s integrated approach to auditing both the service organization and its clients provides increased security, integrity and privacy for all systems. Timely coordinated reports and periodic follow-ups are part of the integrated approach to qualifying service organizations and their user entities and reporting the higher level of assurance to responsible parties.

This article is provided by Integrated Accounting Services for those seeking clarification of IT system and control requirements. Please contact us if you need an assessment of your system and to determine whether you need a SOC 1 or a SOC  2 audit to assure clients of your compliance with new standards.

What are CITPs, anyway?

What a CITP knows.  It's actually lots of stuff.
CITP Body of Knowledge

A CITP is a certified auditor of information technology systems.

  • A CITP is required to certify compliance of an IT system.
  • CITP are certified by AICPA.
  • Michael Warren is a CITP.
  • IAS certifies compliance of IT systems.

A CITP is a Certified Information Technology Professional.  A CPA.CITP is a CPA who is uniquely qualified to evaluate the validity of a company’s data and financial statements as well as the Service Organization Controls (SOC) intended to protect their information technology systems. The CITP designation is awarded by the AICPA to CPAs with extensive experience in information technology. With a broad understanding of  how information technology is integrated with accounting, CPA.CITPs are able to offer insights to businesses that a CPA or information technology professional with only one designation cannot offer.

To be certified by AICPA  as a CPA.CITP, a CPA must demonstrate an understanding of information technology principles and practices encompassing a wide body of knowledge across both disciplines. As a CPA.CITP, Michael Warren, the Principal of Integrated Accounting Services (IAS) has years of experience personally performing accounting audits.  He is recognized for his understanding of information technology and its relationship with business accounting. This unique body of knowledge and experience establishes Mr. Warren as one of only a few CPAs qualified to perform audits of the degree of suitability of controls of service organizations and their users, for transmitting, storing, and protecting private and nonpublic data.

To provide a professional solution for these new standards the team at Integrated Accounting Services (IAS) performs audits for service organizations and their clients during the same testing period where possible.  IAS’s integrated approach to auditing both the service organization and its clients provides increased security, integrity and privacy for all systems. Timely coordinated reports and periodic follow-ups are part of the integrated approach to qualifying service organizations and their user entities and reporting the higher level of assurance to responsible parties.

This article is provided by Integrated Accounting Services for those seeking clarification of IT system and control requirements. Please contact us if you need an assessment of your system and to determine whether you need a SOC 1 or a SOC  2 audit to assure clients of your compliance with new standards.

Go back to top