ExpertHard1 markMultiple Choice
CPA · Question 56 · Area III: SOC Engagements
A service organization's management refuses to provide a written assertion for a SOC 2® engagement. What action must the auditor take?
A service organization's management refuses to provide a written assertion for a SOC 2® engagement. What action must the auditor take?
Answer options:
A.
Issue a qualified opinion.
B.
Draft the assertion for them.
C.
Proceed with the audit but note the refusal in the footnotes.
D.
Withdraw from the engagement.
How to approach this question
No Assertion = No Audit. It's a dealbreaker.
Full Answer
D.Withdraw from the engagement.✓ Correct
Under attestation standards (SSAE), a written assertion from management is a precondition for acceptance and performance of the engagement. If management refuses, the auditor must withdraw (or disclaim, but typically withdraw if it's a refusal to accept responsibility).
Common mistakes
Thinking you can just qualify the opinion.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard