Skip to content
Log in

Type I report

Definition

An attestation report that provides an auditor's opinion on whether controls are suitably designed to meet the stated control objectives, assessed at a single point in time. It does not assess whether those controls actually operated effectively.

Related terms

Complementary User Entity Controls (CUECs)
Controls that the service organisation's system design assumes the user entity will implement. Listed in the SOC 2 report. If the user...
SOC 1 (SSAE 18)
A report on controls at a service organisation that are relevant to user entities' financial statements. Governed by Statement on Standards for...
SOC 2
A report on controls relevant to the AICPA's Trust Service Criteria. Produced under the AT-C 205 attestation standard. Covers Security (mandatory) plus...
Trust Service Criteria (TSC)
The five criteria used to evaluate controls in a SOC 2 engagement: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The criteria are...
Type II report
An attestation report that provides an auditor's opinion on both the suitability of design and the operating effectiveness of controls over a...

Explained in

  • SOC Reports and Third-Party AssuranceAn attestation report that provides an auditor's opinion on whether controls are suitably designed to meet the stated control objectives, assessed at a single...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account