1.866.669.6561

check

SOC 1 Type 2 Independent Service Auditors Report

Independent Service Auditors Report

To Management of (Example Service Organization):

We have examined (Example Service Organization’s) description of its (description of system) system for processing user entities’ transactions throughout the period December 1, 2011, to May 31, 2012 (description), and the suitability of design and operating effectiveness of controls to achieve the related control objectives stated in the description. The description indicates that certain control objectives specified in the description can be achieved only if complementary user entity controls contemplated in the design of Example Service Organization’s controls are suitably designed and operating effectively, along with related controls at the service organization. We have not evaluated the suitability of the design and operating effectiveness of such complementary user entity controls.

In section 2 of this report, (Example Service Organization) has provided an assertion about the fair presentation of the description and the suitability of design and operating effectiveness of the controls to achieve the related control objectives stated in the description. Example Service Organization is responsible for preparing the description and for the assertion, including the completeness, accuracy, and method of presentation of the description and the assertion, providing the services covered by the description, specifying the control objectives and stating them in the description, identifying the risks that threaten the achievement of the control objectives, selecting the criteria, and designing, implementing, and documenting controls to achieve the related control objectives stated in the description.

Our responsibility is to express an opinion on the fairness of presentation of the description and the suitability of the design and operating effectiveness of the controls to achieve the control objectives stated in the description, based on our examination. We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform our examination to obtain reasonable assurance about whether, in all material respects, the description is fairly presented and the controls were suitably designed and operating effectively to achieve the related control objectives stated in the description throughout the period from December 1, 2011 to May 31, 2012.

An examination of a description of a service organization’s system and the suitability of the design and operating effectiveness of the service organization’s controls to achieve the related control objectives stated in the description involves performing procedures to obtain evidence about the fairness of presentation of the description of the system and the suitability of the design and operating effectiveness of those controls to achieve the related control objectives stated in the description . Our procedures included assessing the risks that the description is not fairly presented and that the controls were not suitably designed or operating effectively to achieve the related control objectives stated in the description. Our procedures also included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the related controls objectives stated in the description were achieved. An examination engagement of this type also includes evaluating the overall presentation of the description and the suitability of the control objectives stated therein, and the suitability of the criteria specified by the service organization and described in management’s assertion in section 2 of this report. We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion.

Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or omissions in processing or reporting transactions. Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or conclusions about the suitability of design or operating effectiveness of the controls to achieve the related control objectives, is subject to the risk that controls at a service organization may become inadequate or fail.

In our opinion, in all material respects, based on the criteria described in Example Service Organization’s assertion in section 2 of this report

a.    The description fairly presents the (description of system) system that was designed and implemented throughout the period December 1, 2011 to May 31, 2012.

b.    The controls related to the control objectives stated in the description of were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period December 1, 2011 to May 31, 2012, and user entities applied the complementary user entity controls contemplated in the design of Example Service Organization’s controls throughout the period December 1, 2011 to May 31, 2012.

c.    The controls tested, which together with the complementary user entity controls referred to in the scope paragraph of this report, if operating effectively, were those necessary to provide reasonable assurance that the control objectives stated in the description were achieved, operated effectively through the period December 1, 2011 to May 31, 2012.

The specific controls tested and the nature, timing, and results of those tests are listed in section 4 of this report.

This report and the description of tests of controls and results thereof in section 4 of this report are intended solely for the information and use of Example Service Organization, user entities of Example Service Organization’s savings system during some or all of the period December 1, 2011 to May 31, 2012, and the independent auditors of such user entities, who have a sufficient understanding to consider it, along with other information including information about the controls implemented by user entities themselves, when assessing the risks of material misstatements of user entities’ financial statements. This report is not intended to be and should not be used by anyone other than those specified parties.

Service Auditors Signature

Date

City, State

More Information