PCI DSS 4.0 - Are You Ready? Get a Discount on a Readiness Assessment - Learn More
AT Section 101 and SOC 2
Author Picture
Listen to: "Focus on SOC: AT Section 101"

Within the framework established by the American Institute of Certified Public Accountants (AICPA), there are SOC 1SOC 2SOC 3 and SOC for Cybersecurity reports. Each report has its own purpose, approach, materials used, goals and professional standard.

What Is AT Section 101?

AT section 101 is the specific part of the Attestation Standard, established by the AICPA, which serves as the professional standard for SOC 2 and SOC 3 audits. While businesses focusing on financial reporting adhere to the SOC standard, AT Section 101 was designed to provide a set of industry-wide standards for performing SOC 2 and SOC 3 audits.

How It Serves Practitioners of SOC Audits

SOC audits are performed by certified public accountant or auditor, who is known as the “practitioner.” AT Section 101, along with any accompanying documentation, serves two primary functions for the practitioner in reporting:

  • Provides principal support for the practitioner’s report that includes representation regarding observance of the standards of fieldwork. This function is implicit in the reference in the report to attestation standards, specifically in AT Section 23, entitled Suitability and Availability of Criteria. It states, “The practitioner must have reason to believe that the subject matter is capable of evaluation against criteria that are suitable and available to users.”
  • Assists the practitioner in conducting and supervising the attest engagement.

Related article: SOC 1 and SOC 2 Reports – What’s the Difference?

How It Serves Practitioners of Attest Engagements

AT Section 101 has become an increasingly important section of the Attest Engagements for reporting on controls at service organizations.

It applies to engagements in which an entity engages a CPA — or “the practitioner”— to issue an examination, review, or agreed-upon procedures report on specific subject matter regarding a service organization’s internal controls. The section may also be an assertion about the subject matter that is the responsibility of another party.

Attest documentation usually needs to confirm that the process by which the organization has developed its prospective financial statements was considered in determining the scope of the examination.

Choosing the Right Practitioner for SOC Audits & Attest Engagement

As companies becoming increasingly digitized, the need for SOC audits and the AT Section 101 professional standard will only increase. AT Section 101 will play a vital role in reporting on a service organizations’ controls due to the increasing reliance on cloud computing, SaaS, data hosting and digital integrations.

An attest engagement must be performed by a practitioner who has adequate training and experience in the attest function being performed. He or she must also be certain that the subject matter available can stand up to evaluation against suitable and available criteria. Your practitioner must also be independent in fact, philosophy, and approach when performing or supervising an attest function. This role is bound to the Standards of Fieldwork and for Standards of Reporting.

I.S. Partners, LLC is the first and only auditing firm that provides the “seal of excellence” to SOC recipients. Call us or request a quote so we can provide clarification.

Get a Quote Try our Compliance Checker

About The Author

Get Hassle-free Pricing in 3 Easy Steps

Request a quote using the form below
Allow us to create a customized plan
We'll get you an accurate, no-obligation quote
Untitled-1 Asset 1 Request a Quote Background

Request a Quote

Please fill out the form below and one of our compliance specialists will contact you shortly. Want to speak to us now? Call us at (866) 335-6235 or book a meeting with one of our experts.

Great companies think alike!

Join hundreds of other companies that trust I.S. Partners for their compliance, attestation and security needs.

Teladoc VeriClaim DentaQuest VisioNet Verifacts Sterling AV Med DOE Legal