A5/M5 Reporting on Controls at a Service Organization Flashcards

1
Q

What is the difference between a service auditor and a user auditor?

A
  • The service auditor audits the service organization (for example, ADP, which provides payroll services for clients)
  • The user auditor audits the client, which considers the service provided by the service organization part of its information system
2
Q

What are the objectives of the service auditor?

A
  • Obtain reasonable assurance whether:
    + the service organization management’s description of the service system is fairly presented, and the system was designed and implemented throughout the specified period
    + the controls were suitably designed throughout the specified period
    + the controls operated effectively throughout the specified period
  • Report the findings
3
Q

What are SOC 1 and SOC 2 reports?

A
  • SOC 1: evaluates the impact that certain relevant controls at the service organization have on the financial statements (FS) of the user entity
  • SOC 2 (broader): gives assurance to a broader range of users regarding the controls in place at a service organization relevant to one or more of the trust services criteria of security, availability, processing integrity, confidentiality, and privacy
4
Q

What are Type 1 and Type 2 reports?

A
  • Type 1:
    + report on the DESIGN and IMPLEMENTATION of a service organization’s controls
    + the control objectives are presented as of a specified DATE
  • Type 2:
    + report on the DESIGN, IMPLEMENTATION, and OPERATING EFFECTIVENESS of a service organization’s controls
    + the control objectives are presented throughout a specified PERIOD
5
Q

What are the objectives of user auditors when a SOC 1 service auditor’s report is available?

A
  • SOC 1/Type 1 report: only aids the user auditor in obtaining an understanding of controls
  • SOC 1/Type 2 report: provides the user auditor with assurance about the design, implementation, and operating effectiveness of the service organization’s internal controls; it therefore allows a reduction in the assessed level of CONTROL RISK. Moreover, the user auditor should be satisfied with the following:
    + the service auditor’s competence and independence
    + the adequacy of the standards used in the service auditor’s report
    + the period of time covered by the report is appropriate for the user auditor’s purposes