ExpertMedium1 markMultiple Choice
CPA · Question 76 · Area III: SOC Engagements
An auditor is reviewing the 'System Description' in a SOC 2® report. Which of the following MUST be included?
An auditor is reviewing the 'System Description' in a SOC 2® report. Which of the following MUST be included?
Answer options:
A.
The types of services provided and the principal service commitments and system requirements.
B.
The salaries of key IT personnel.
C.
A guarantee of future performance.
D.
The source code of the application.
How to approach this question
Identify the 'What we do' and 'What we promised' section.
Full Answer
A.The types of services provided and the principal service commitments and system requirements.✓ Correct
The system description must describe the services provided, the principal service commitments (what was promised to customers), and the system requirements (how the system is designed to meet those promises).
Common mistakes
Thinking the description includes confidential IP like source code.
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium