Close desktop login portal

Client Login

Select one of the portals below and login with your credentials

Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Mobile menu toggle
Back to menuBack to menu
Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Employment Documents

Testing4321

Business Insights

SOC 1 for Mortgage Service Providers

Articles by: Richey May, Aug 03, 2020

What is a SOC 1?

A SOC 1 is an audit of internal controls over financial reporting, designed explicitly for service organizations. It assures users of the effectiveness of the internal controls. Users of a SOC report include management of a service organization, management of your customer’s organization, and auditors of the user organization.

Mortgage companies are under increasing scrutiny from regulators and customers. They may request a SOC report so they can feel confident your policies and procedures will result in accurate data for financial reporting. Customers are looking for comfort that you are processing payments to mortgage loans timely, meeting investor reporting requirements, or filing bankruptcy and loss mitigation documentation in accordance with requirements in order to protect their mortgage assets.

Scope of SOC 1 Audit

A SOC 1 report is focused on financial reporting risks and controls specified by the service provider. It is most relevant when the service provider performs financial transaction processing or supports the transaction processing system. If your company provides financial processing services for mortgage companies, this may be the best scope to choose. The scope of a SOC 1 audit includes:

  • Classes of transaction
  • Procedures and methodology for processing and reporting transactions
  • Accounting records of systems
  • Management of significant events and conditions other than transactions
  • Report preparation for users
  • Other linked aspects relevant to processing and reporting user transactions

The SOC 1 audit engagement covers transaction processing controls, supporting information, technology, and IT general controls. The service provider defines control objectives, which may vary depending on the type of services you provide to your customers.

Your current controls may or may not be in alignment with the controls that users need to have from a financial reporting perspective. This report can help identify these gaps, so you can comply with what a customer’s regulatory environment requires before services begin.

Types of SOC 1 Reports

There are two types of SOC 1 reports.

  • Type I: Also referred to as “point in time” report. This report covers an audit occurring as of a specific date, detailing the control framework at that specific time.
  • Type II: This report pertains to the testing of controls over a duration of time.
Type IType II
CoverageSingle point of time, “as of” dateDuration, Period of time
AssessmentDesignDesign
Operating Effectiveness
Results of test

Among these two types, Type II is considered more reliable as it involves testing the effectiveness of controls over a period of time.

Why is the SOC 1 Report Needed?

By providing the SOC report to customers, the customers are assured that the mortgage services provider uses procedures in a way that ensures the financial data provided is consistent with regulatory requirements.

The report demonstrates your reliability and credibility to the customer, enabling them to trust your company with sensitive financial data.

Our team specializes in SOC Audits for mortgage service providers. Our industry specialization means we can help you choose the framework your customers need and execute your audit and report at a high level. Contact us today to get started.