A5 Reporting on Controls at a Service Org Flashcards

1
Q

SOC 1 Engagements

A

Service Organization Control or SOC 1 engagements are primarily aimed at the internal control over financial reporting. They are designed for entities like service orgs that provide services that could impact their client’s FS.

2
Q

Types of SOC Reports

A

Two types of SOC reports are Type 1 & Type 2, which are normally used by the service org’s mgmt, user auditor, and entities (restricted use).

Type 1 report evaluates the suitability of the design of the controls at a specific point in time. It doesn’t include tests of operating effectiveness, which means it’s not intended to provide the user auditor with a basis for reducing the assessment of CR. The report should therefore include a disclaimer of opinion regarding operating effectiveness of controls.

Type 2 report assesses the effectiveness of those controls over a period (6-12 months).

3
Q

SOC 2 Engagements

A

SOC 2 engagements have a broader audience & focus on controls related to security, availability, processing integrity, confidentiality, & privacy of a system. These are also based on the Trust Services Criteria.

SOC 2 engagements also have 2 types of reports:
Type 1 focuses on fairness of mgmt presentation on descriptions of the system & suitability of control design.

Type 2 evaluates the operating effectiveness over a certain period of time.

4
Q

SOC 1 & SOC 2 Differences

A

Key differences are that SOC 1 is focused on financial reporting while SOC 2 is focused on principles of security.

SOC 1 is for user entities & their auditors concerned with financial reporting.

SOC 2 targets a wider audience & is more concerned with information security.

5
Q

Service Auditor

A

Reports on controls of a service org that may be relevant to a user org’s internal controls as it relates to an audit of financials.

6
Q

Service Orgs

A

These are outside orgs that are used by an entity to process some portion of their accounting transactions (payroll, etc.). Services are considered a part of a user org’s information system when those services affect the initiation, execution, processing, or reporting of the user’s company transactions.
