Understanding Your SOC 1 Audit Report: What is an Assertion?

One of the things that management must provide to the auditor as part of a SOC 1 engagement is an assertion. What does that mean? What is an assertion? In our everyday life, an assertion is a confident statement of fact or belief. In the world of auditing, assertions are still confident statements of fact or belief, but with a twist. Assertions are claims made by management regarding certain aspects of their business. An assertion is comprised of management’s description of the system that you’re providing as a service to your clients. This assertion will provide a detailed description of how the system is designed and operating, and the auditor must determine if this is fairly presented in the audit report. For a SOC 1 audit, assertions are related to a company’s financial statements.
Auditors rely upon a variety of assertions regarding a company. Assertions will fall into one of the following categories: assertions related to transactions, assertions related to account balances, and assertions related to presentation and disclosure. Assertions related to transactions focus on the occurrence of a transaction, the completeness of transactions, the accuracy in recording transactions, the cut-off date of accounting periods, and the classification of transactions. Assertions related to account balances focus on assets, liabilities, and equity balances at the end of a period. These assertions will be related to the existence of assets, liabilities, and equity balances at the end of a period, the completeness of the recording account balances in financial statements, the rights and obligations of the entity, and the valuation of assets, liabilities, and equity balances. Assertions related to presentation and disclosures highlight how information like transactions, balances, and other events are presented within financial statements. Assertions will relate to the occurrence of transactions and events disclosed in financial statements, the completeness of transactions and events disclosed in financial statements, the classification and understandability of transactions and events disclosed in financial statements, and the accuracy and valuation of transactions and events disclosed in financial statements.
Assertions are tested by auditors. If an assertion states that the salaries and wages of all employees has been accounted for, then an auditor will test to ensure this. Reviewing documentation is major part of an auditor’s testing. An auditor, for example, might follow your organization’s procedure for checking the occurrence of transactions. If the result of the procedure doesn’t match the assertion, this is an issue.
Stay Connected

More Free Resources

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, ISO 27001, FISMA, and CFPB frameworks.