Download Presentation - Plante Moran
Download Presentation - Plante Moran
Download Presentation - Plante Moran
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SOC – Types of Engagements<br />
SOC engagements are designed to meet the needs of user entities and other<br />
stakeholders by providing service organizations with criteria for describing their<br />
systems, criteria for evaluating the suitability of design and operating effectiveness of<br />
the service organization’s controls, and an independent CPA’s opinion on the<br />
description of the system and the design and operating effectiveness of the service<br />
organization’s controls.<br />
There are three SOC report options:<br />
SOC 1 reports are performed in accordance with the Statement of Standards for<br />
Attestation Engagements (SSAE 16) and focus solely on controls at the service<br />
organization that are relevant to the audit of a user’s financial statements.<br />
SOC 2 reports are performed under Attestation Standards (AT) Section 101 “Attest<br />
Engagements”, and are based on the AICPA’s Trust Services Principles and Criteria.<br />
These reports address one or more of the following key system attributes: security,<br />
availability, processing integrity, confidentiality, and privacy.<br />
There are<br />
two types of<br />
reports for<br />
both SOC 1<br />
and SOC 2<br />
examination<br />
s. A Type 1<br />
and Type 2<br />
SOC 3 reports use the same Trust Services Principles and Criteria as SOC 2. Like SOC<br />
2, SOC 3 reports can address one or more of the five Trust Services Principles and<br />
Criteria. SOC 3 reports differ from SOC 2 reports in that they are for general use, without<br />
a description of the service auditor’s tests and results.<br />
10