ExpertHard1 markMultiple Choice
CPA · Question 61 · Area III: SOC Engagements
An auditor is reviewing the 'System Boundaries' in a SOC 2® engagement. Which of the following should be included in the system boundary definition?
An auditor is reviewing the 'System Boundaries' in a SOC 2® engagement. Which of the following should be included in the system boundary definition?
Answer options:
A.
Only the hardware and software.
B.
Only the security team.
C.
Infrastructure, Software, People, Procedures, and Data
D.
The financial statements of the company.
How to approach this question
Memorize the 5 SOC System Components: Infrastructure, Software, People, Procedures, Data.
Full Answer
C.Infrastructure, Software, People, Procedures, and Data✓ Correct
The system description must cover the five components of the system: Infrastructure, Software, People, Procedures, and Data.
Common mistakes
Forgetting People and Procedures.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard