IBG SOC Reports - Strength and Security

SOC 1, 2, and 3 Reports Overview

The American Institute of Certified Public Accountants (AICPA) has developed the System and Organization Controls (SOC) framework, a standard for providing assurance that controls are designed and operating effectively. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.

Service audits based on the SOC framework fall into two categories, SOC 1 and SOC 2 & 3, that apply to in-scope IBG LLC brokerage services.

A SOC 1 audit, intended for CPA firms that audit financial statements, evaluates the suitability of the design and operating effectiveness of IBG’s internal controls.

A SOC 2 audit gauges the IBG and its brokerage subsidiaries’ brokerage system based on the design and operating effectiveness of the controls that address the applicable AICPA Trust Service Principles and Criteria.

At the conclusion of a SOC 1 or SOC 2 audit, the service auditor renders an opinion in a SOC 1 Type 2 or SOC 2 Type 2 report, which describes IBG’s brokerage operations/system and assesses the fairness of the IBG’s description of its controls. It also evaluates whether IBG’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.

A SOC 3 report is created—an abbreviated version of the SOC 2 Type 2 report—allowing IBG to provide assurance about its controls without disclosing details about the controls.

The Statement on Standards for Attestation Engagements and the International Standards for Assurance Engagements (ISAE) are the standards under which the audits are performed, and serves as the overall basis of the SOC 1, 2 & 3 reports.