Your controls, trusted by your client's own auditors.
B4Q performs independent SOC 1 examinations under SSAE 18 for service organizations whose controls affect their clients' financial statements — payroll processors, fund administrators, and SaaS billing platforms among them.
- SSAE 18-based control objectives
- Type I & Type II reports
- Not to be confused with SOC 2
When your controls become part of someone else's audit.
If you process payroll, administer funds, run billing, or otherwise touch data that ends up on a client's financial statements, their auditor has to get comfortable with your controls too — not just yours, but the ones that ripple into their books.
A SOC 1 report is how you give their auditor that comfort without a dozen separate site visits: one independent examination of your control objectives that their audit team can rely on directly.
- 01 Satisfies user auditors instead of fielding repeated ad hoc control questions.
- 02 Removes SOC 1 as a blocker in enterprise and financial-sector sales cycles.
- 03 Documents exactly which controls your clients are still responsible for (CUECs).
What actually applies to you
If your controls affect their books, this is for you.
SOC 1 doesn't have a fixed set of criteria like SOC 2 — instead, it's built around the specific control objectives relevant to your service and your clients' financial reporting.
Payroll Processors
Wage calculations and tax withholdings flow directly into client financial statements.
Fund Administrators
NAV calculations and investor reporting underpin fund-level financial statements.
SaaS Billing Platforms
Revenue recognition and invoicing accuracy ripple straight into client revenue lines.
Trust & Custody Services
Asset custody and transaction processing directly affect client account balances.
Type I or Type II — scoped to your renewal timeline.
Like SOC 2, SOC 1 comes in two flavors — a point-in-time design opinion, or an operating-effectiveness opinion over a monitoring period.
SOC 1 Type I
Evaluates whether your control objectives are suitably designed as of a specific date — the fastest way to give user auditors an initial basis for reliance.
- Fastest path to a shareable report
- Confirms control design before Type II
- Common first step for new service organizations
SOC 1 Type II
Tests whether your control objectives actually operated effectively over an observation period — what most user auditors ultimately need to place reliance for their own audit.
- The report most user auditors ultimately require
- Demonstrates sustained control operation
- Renewed annually to maintain client reliance
From control objectives to a report your clients' auditors trust.
Because SOC 1 has no fixed criteria, getting the scope right at the start matters more than in almost any other engagement.
Scoping Control Objectives
We define the control objectives relevant to your service and your clients' financial reporting — the foundation of the entire report.
Identifying CUECs
Complementary User Entity Controls are documented — the controls your clients still need to operate on their end.
Readiness Assessment
We flag control gaps against the defined objectives before the formal examination clock starts.
Type I Assessment
Our examiners test whether your controls are suitably designed as of a point in time and issue your Type I report.
Observation Period
Controls run and are monitored over your chosen window, building the operating-effectiveness evidence Type II requires.
Type II Examination & Report Issuance
We test operating effectiveness across the period and issue the final report your clients can share with their auditors.
SOC 1 or SOC 2 — most confusion starts here.
The two reports answer different questions. Some service organizations need both.
A report your clients' auditors actually accept.
Scoped correctly the first time, since a poorly scoped SOC 1 creates more questions than it answers.
Control Objectives, Scoped Right
We define objectives around what your clients' auditors actually need to see, not a generic template.
CUECs Documented Clearly
Your clients know exactly what's on them, reducing disputes during their own audit.
SOC 1 & SOC 2, Coordinated
If you need both reports, we run them as one coordinated program, not two separate audits.
Timelines You Can Plan Around
Clear milestones from kickoff to issuance, so your sales team knows what to expect.
50+ Businesses Served
Across payroll, fund administration, and financial-adjacent service organizations.
96% Client Retention
Clients return year after year for their Type II renewal.
SOC 1, answered.
Ready for a report your clients' auditors trust?
Book a free strategy call and we'll scope the right control objectives for your service.