It is appropriate to report on controls at a service organization relevant to user entities internal controls over financial reporting using the SOC 1 attestation, which has replaced SAS 70.
A company that does a SOC audit but is not a CPA firm is not permitted to express an opinion regarding the information contained in the Description of Services and Results of Testing.
When offering auditing and other attestation services, such a SOC 1 or SOC 2 examination, an AICPA member "in the public practice should be independent in fact and appearance."
To learn more about AICPA here:
https://brainly.com/question/28145689
#SPJ4
