Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (SOC 1(R)) - Guide
Get a deeper understanding of what's required and how to provide best-in-class in service organization control engagements. Glean insight from expert authors and see learnings in action with illustrative report excerpts.

If you are purchasing a product in one of the following formats, please check the system requirements below:

Online Professional Library
The AICPA Online Professional Library will operate in a variety of configurations, but only the configuration described below is supported by our technicians:

  • Windows 7+ (Latest Microsoft Edge, Internet Explorer, Firefox or Chrome)


Minimum system requirements are:

  • Internet access
  • Adobe ID
  • Adobe® Digital Editions (ADE) is a free program that lets you read eBooks on a PC, Mac, and any supported smartphone or tablet. You MUST download and login to ADE in order to view an AICPA eBook. AICPA eBooks are best viewed when using ADE 3 for PC and ADE 4 for Mac.
  • For mobile access to eBooks, download the free Bluefire Reader app for Apple (iOS) and Android phones and tablets.


  • eBooks are intended for a single user only.
  • An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date so you must download the file before this time elapses.
  • This product is refundable within 10 days of your purchase date.

Read the AICPA eBook Tutorial and see our FAQ for more information.


  • Adobe® Acrobat® Reader 8 or higher
Product details

Learn how to effectively perform SOC 1® engagements

Who Will Benefit?

  • Practitioners performing SOC 1 engagements
  • Managers of entities that have SOC 1 engagements being performed
  • Auditors relying on SOC 1 reports

Key Topics

  • Requirements and guidance in AT-C section 320 for performing SOC 1 engagements
  • Guidance from top CPAs on how to implement AT-C section 320 and address common and practice issues
  • How to provide best-in-class services related to planning, performing and reporting on a SOC 1 engagement
  • Successfully implement changes in AT-C section 320 arising from the issuance of SSAE 18
  • Determine how to describe the matter giving rise to a modified opinion
  • Understand the kinds of information financial statements auditors of user entities need from a service auditor's report
  • Organize and draft relevant sections of a type 2 report
  • Develop management representation letters for SOC 1 engagements

As business specialization grows, so does the practice of outsourcing tasks and functions to service organizations. These trends have increased the demand for SOC 1 engagements.

This guide will make sure you clearly understand how to complete a SOC 1 engagement under AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting, of Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification.

Get the basics or deepen your knowledge with these new features

Even if you're experienced with SOC engagements, this guide is an essential resource that:

  • Has been fully conformed to reflect changes resulting from SSAE No. 18, the clarified attestation standards.
  • Contains insight from expert authors on the Service Organizations Task Force composed of CPAs that all perform SOC 1® engagements. The Task Force updates the guide with lessons learned in practice.
  • Includes illustrative report paragraphs describing many different types of report modifications.

Additionally, this guide discusses implementation challenges. It integrates the SSAE No. 18 requirements and application guidance from the three applicable sections in the discussion of service auditors' engagements.

SSAE No. 18 is effective for service auditor's reports dated on or after May 1, 2017.

Content preview
Ratings and reviews

American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Member Quantity:
Nonmember Quantity:
Estimated total:
Add to cart
Back to Top