CPA Exam Lab
All patterns
SOC engagements

The SOC Opinion

Grade the opinion by severity: unmodified when fair, qualified for a limited problem, adverse when pervasive, disclaimer when scope is lost.

How the exam words it

The playbook

  1. 1Start from unmodified (unqualified) when the description is fairly presented and the controls are suitably designed and, for a Type 2, operating effectively.
  2. 2Step down by severity: a qualified opinion for a specific, non-pervasive problem, an adverse opinion when the issue is pervasive, and a disclaimer when a scope limitation prevents an opinion.
  3. 3Treat a carve-out subservice organization as disclosed but outside the opinion: the service auditor does not opine on the excluded controls.
  4. 4Tie the trigger to the phrase: a description not fairly presented or ineffective controls drives a qualified or adverse opinion, while a scope restriction drives a disclaimer.

The trap

Jumping to adverse for any deficiency, or thinking a carve-out is covered by the opinion. Adverse is only for pervasive problems, and carved-out controls are excluded, not opined on.

How the exam varies it

The same pattern, re-skinned along these axes:

Opinion by severity: unmodified, qualified, adverse, or disclaimerA fair-presentation problem versus a scope limitationHow a carve-out subservice organization is treated in the opinion

Drill this pattern

8 questions of The SOC Opinion from across the AUD topics. Clear it by getting 5 right with a streak of 3.

Shows up in 1 ISC topic