Describe a SOC1 engagement for a service org
ICFR
report restricted to management, user entities, and auditors
Describe a SOC2 engagement for a service org
5 TSC
Report for those with sufficient knowledge and understanding of service org…
Describe a SOC3 engagement for a service org
Like a SOC2 report in scope, but it does not include a description of the system or the auditor’s tests of controls.
Type 1 SOC report
Report on
fairness of the presentation of management’s description
suitability of the design of controls
(specified date)
Type 2 SOC report
Report on
fairness of the presentation of management’s description
suitability of the design of controls
Effectiveness of controls
(specified period)
5 TSC
CAPPS
Confidentiality
Availability
Processing Integrity
Privacy
Security
5 Components of COSO framework
CRIME
Control Environment
Risk Assessment
Information & Communication
Monitoring
Existing Control Activities
4 key components of a SOC report
Management’s description of the system
Management’s assertion
Independent service auditor’s report
Auditor’s tests of controls and results of tests
CSOCs (complementary subservice organization controls) vs CUECs (complementary user entity controls)
CSOCs
controls a subservice org must execute in order for a service org’s controls to function effectively
CUECs
controls a user entity must employ for the service org’s controls to function
(the service org relies on vendors or client for controls to work)
Management uses either the carve-out or inclusive method to report on what subject matter?
CSOCs