Description

In today’s interconnected world, safeguarding information systems is crucial. This course will provide a comprehensive understanding of SOC engagements, exploring the types of reports (SOC 1®, SOC 2®, and SOC 3®) and the related management assertions. The use of the reports for internal controls over financial reporting (ICFR) and operations and compliance will be analyzed. This course equips accounting professionals with the knowledge to effectively lead in compliance reporting.

Instructor: Cory Ng

Target Audience

Experienced CPAs, CITP designation holders and aspirants, and accountants seeking a greater understanding of information systems and controls

Course Objectives

Explain the purpose of the Trust Services Criteria and its organization

Understand the purpose of SOC reports and the roles of key players and identify management assertions specific to different SOC engagement types

Recall the intended users of SOC 1®, SOC 2®, and SOC 3® reports

Explain how materiality is determined and used in performing a SOC engagement

Summarize the criteria for a vendor to be considered a subservice organization

Explain the considerations for deciding between the inclusive and carve-out method for subservice organizations

Define service commitments and system requirements in a SOC 2® engagement

Determine the appropriate form and content of a report on the examination of controls at a service organization

Subjects

Purpose and organization of the Trust Services Criteria

Management assertions specific to different SOC engagement types

Intended users of SOC 1®, SOC 2®, and SOC 3® reports

Determination and use of materiality in SOC engagements

Criteria for considering a vendor as a subservice organization

Inclusive vs. carve-out method for subservice organizations

Service commitments and system requirements in SOC 2® engagements

Appropriate form and content of SOC reports

Prerequisites

Basic understanding of auditing principles