A CPA is engaged to perform a SOC 1® engagement. Which of the following best describes the subject matter of this engagement?

Answer options:

Controls relevant to the security, availability, and processing integrity of the system.

Controls at a service organization likely to be relevant to user entities' internal control over financial reporting (ICFR).

Controls relevant to the organization's compliance with HIPAA.

A general use report on the organization's cybersecurity risk management program.

How to approach this question

Memorize: SOC 1 = Financial Reporting. SOC 2 = Trust Services (Security, etc.). SOC 3 = Public Summary of SOC 2.

Full Answer

B.Controls at a service organization likely to be relevant to user entities' internal control over financial reporting (ICFR).✓ Correct

SOC 1 engagements address internal controls over financial reporting (ICFR). They are intended for user auditors who audit the financial statements of the service organization's clients.

Common mistakes

Thinking SOC 1 is about security (that's SOC 2).

Question 29 All questions Question 31

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →