What is AICPA?
Definition
The American Institute of Certified Public Accountants (AICPA) is the national professional organization of CPAs in the United States. The AICPA develops and maintains the SOC reporting framework, including SOC 1, SOC 2, and SOC 3 standards used to evaluate service organizations.
In Depth
Founded in 1887, the AICPA plays a central role in setting auditing and attestation standards that govern how CPA firms conduct SOC engagements. The organization publishes the Trust Services Criteria, provides guidance on report formatting, and establishes the ethical and professional standards that auditors must follow. The AICPA also collaborates with the Canadian Institute of Chartered Accountants (CICA) to maintain the criteria, ensuring they evolve alongside emerging threats and technologies. For organizations pursuing SOC 2 certification, understanding the AICPA's role is important because only CPA firms licensed by the AICPA (or equivalent bodies) can issue SOC reports, which distinguishes SOC 2 from self-assessed security questionnaires or vendor-issued certifications.
Related Terms
SOC 2 Type II
SOC 2 Type II is an auditing standard developed by the AICPA that evaluates the effectiveness of an organization's controls over a sustained period, typically 6 to 12 months. Unlike Type I, which only assesses control design at a point in time, Type II verifies that controls are operating effectively throughout the observation window.
Trust Services Criteria
Trust Services Criteria (TSC) are a set of five principles defined by the AICPA that form the basis for SOC 2 audits. The five categories are Security, Availability, Processing Integrity, Confidentiality, and Privacy, each containing specific control objectives that organizations must address.