As entities continue to oursource financially significant processes, auditors will need to rely on third party assessments of the effectiveness of the controls over these processes. These assessments are called SOC1 reports. Understanding the scope, level of testing and results of such reports is critical to the successful completion of any financial statement audit. In this course, we’ll review the relevant information which auditors need to know about SOC1s, including their professional standards guidance, scope (Type 1 or 2), coverage and user auditor response to control deficiencies identified by the service auditor.
Learning Objectives
- Identify the types of business processes that are outsourced
- Identify when an auditor should request a SOC report
- Discuss with clients why it is important for management to obtain SOC reports on an ongoing basis
- Understand the role of the SOC report in an audit
- Identify the characteristics of SOC 1, 2, and 3 reports
- Perform the procedures necessary to evaluate a SOC report
- Prepare documentation to support the evaluation of a SOC report
Major Topics
- Types of SOC reports
- Uses of SOC reports by user auditors
- Characteristics of SOC reports
- Format of a SOC1 report
- Using a SOC1 report on a financial statement audit
