Hard1 markMultiple Choice

Area III: SOC EngagementsAudit TerminologySOC 2Area III

CPA · Question 25 · Area III: SOC Engagements

In the context of a SOC 2® engagement, what is the definition of a 'deviation'?

Answer options:

A.

A misstatement in the financial statements.

B.

A condition where a control is not operating as designed or documented.

C.

A deliberate fraud attempt by an employee.

D.

A change in the system description.

How to approach this question

Define 'deviation' in audit terms. It means the control didn't work this one time.

Full Answer

B.A condition where a control is not operating as designed or documented.✓ Correct

A deviation occurs when the auditor finds an instance where the control was not applied or did not operate as prescribed by the control description.

Common mistakes

Confusing deviation (control failure) with misstatement (financial error).

Question 24 All questions Question 26

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →