Section 3: 15–25%I13
Performing and Reporting on SOC Engagements
Exam Insight
Once you know the report types and criteria, the exam tests how the engagement is actually performed and how the service auditor reaches and reports an opinion. Knowing what triggers a qualified, adverse, or disclaimer opinion and how subservice organizations and CUECs affect the report is essential to ISC reporting questions.
CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.
What AICPA Wants You to Know
- 1Distinguish management's responsibilities from the service auditor's responsibilities in a SOC engagement.
- 2Describe how the service auditor tests controls and identifies deviations (exceptions).
- 3Identify the four opinion types and what triggers each.
- 4List the major sections of a SOC report and the purpose of the restricted-use paragraph.
- 5Explain how subservice organizations (carve-out vs inclusive) and CUECs affect the opinion and report.
- 6Evaluate test results to determine whether an exception affects the opinion.