Objective
- Explain the purpose of the Trust Services Criteria and its organization
- Understand the purpose of SOC reports and the roles of key players and identify management assertions specific to different SOC engagement types
- Recall the intended users of SOC 1®, SOC 2®, and SOC 3® reports
- Explain how materiality is determined and used in performing a SOC engagement
- Summarize the criteria for a vendor to be considered a subservice organization
- Explain the considerations for deciding between the inclusive and carve-out method for subservice organizations
- Define service commitments and system requirements in a SOC 2® engagement
- Determine the appropriate form and content of a report on the examination of controls at a service organization
Highlights
- Purpose and organization of the Trust Services Criteria
- Management assertions specific to different SOC engagement types
- Intended users of SOC 1®, SOC 2®, and SOC 3® reports
- Determination and use of materiality in SOC engagements
- Criteria for considering a vendor as a subservice organization
- Inclusive vs. carve-out method for subservice organizations
- Service commitments and system requirements in SOC 2® engagements
- Appropriate form and content of SOC reports
Designed For
Experienced CPAs, CITP designation holders and aspirants, and accountants seeking a greater understanding of information systems and controlsPrerequisite
Basic understanding of auditing principlesAdvanced Preparation
None