Medium · 1 mark · Multiple Choice
Area III: SOC Engagements · SOC 2 · Reporting · Audit Types

CPA · Question 34 · Area III: SOC Engagements

What is the primary difference between a SOC 2® Type I and a SOC 2® Type II report?

Answer options:

A. Type I covers Security only; Type II covers all criteria.

B. Type I is for public use; Type II is restricted use.

C. Type I reports on the design of controls at a point in time; Type II reports on design and operating effectiveness over a period of time.

D. Type I is performed by internal audit; Type II is performed by external CPA.

How to approach this question

Type I = One date (Design). Type II = Period (Design + Operation).

Full Answer

C. Type I reports on the design of controls at a point in time; Type II reports on design and operating effectiveness over a period of time. ✓ Correct
A Type I report opines on the fairness of the description and the suitability of the design of controls as of a specific date. A Type II report adds an opinion on the operating effectiveness of those controls throughout a specified period (usually 6-12 months).

Common mistakes

Confusing SOC 1/2/3 with Type I/II.
