The purpose of this course is to introduce SOC reporting to an experienced auditor that is about to offer or perform SOC reporting engagements or an experienced auditor that wants to get an overview of the replacement of SAS70 with SOC 1, 2 & 3 reporting.
Objectives:
- Describe the service organization climate and history including the replacement of SAS 70, with SOC reporting
- Make decisions about which SOC service a client needs and communicate with a client about the service they need
- Describe the types of SOC reporting: Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting (SOC 1) and Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy (SOC 2 & 3)
- Describe the guidance for performing SOC 1, 2, 3 engagements
Prerequisite: General understanding of auditing and internal controls
