M5 Reporting on Controls at a Service organization

Question 1

What is a service organization?

Answer 1

an outside organization used by an entity to process some portion of their accounting transactions

Question 2

Service organization controls =

Answer 2

user entity’s information system

Question 3

SOC1

Answer 3

Reports on internal control over financial reporting (ICFR)

Question 4

SOC2

Answer 4

Intended to give assurance to a broad range of users regarding the controls in place at a service organization:
Security
Availability
Privacy

Question 5

Type 1 Report

Answer 5

Reports on the design and implementation of a service organizations controls (not operating effectiveness)

Question 6

Type 2 Report

Answer 6

Report on the design, implementation, and operating effectiveness of a service organizations controls

Question 7

Service auditor responsibilities include

Answer 7

-Read the other information to identify any material inconsistencies or misstatements
-Include a description of the scope and nature of the auditor’s procedures

Question 8

User auditor responsibilities:

Answer 8

Make inquiries regarding the professional reputation of the service auditor

Question 9

Which SOC report is restricted

Answer 9

Both

Question 10

When should you include management’s description of the service organization’s system.

Answer 10

In a Type 1 or Type 2 Attestation