This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.

Technical

Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (SOC 1(R)) - Guide Logo aicpa

  $69.00 - 99.00 |   AICPA |   Apr 2017 |   AICPA Store

This updated and improved guide is designed to help CPAs effectively perform SOC 1® engagements under AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, of Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification.

With the growth in business specialization, outsourcing tasks and functions to service organizations has become increasingly popular, increasing the demand for SOC 1 engagements.

This guide will help you do the following:

  • Gain a deeper understanding of the requirements and guidance in AT-C section 320 for performing SOC 1 engagements.
  • Obtain guidance from top CPAs on how to implement AT-C section 320 and address common and practice issues.
  • Provide best in class services related to planning, performing, and reporting on a SOC 1 engagement.
  • Successfully implement changes in AT-C section 320 arising from the issuance of SSAE 18, which is effective for reports dated on or after May 1, 2017.
  • Determine how to describe the matter giving rise to a modified opinion by providing over 20 illustrative paragraphs for different situations.
  • Understand the kinds of information auditors of the financial statements of user entities need from a service auditor's report.
  • Implement the requirement in SSAE No. 18 to obtain a written assertion from management of the service organization.
  • Organize and draft relevant sections of a type 2 report by providing complete illustrative type 2 reports that include the service auditor’s report, management’s assertion, the description of the service organization’s system, and the service auditor’s description of tests of controls and results.
  • Develop management representation letters for SOC 1 engagements.

What’s New

  • Updated for SSAE No. 18 and to reflect lessons learned in practice, this guide has been fully conformed to reflect changes resulting from SSAE No. 18, the clarified attestation standards.
  • Contains insight from expert authors on the Service Organizations Task Force composed of CPAs that all perform SOC 1® engagements and updates the guide with lessons learned in practice.
  • Includes illustrative report paragraphs describing the matter that gave rise to the report modification for a large variety of situations.

Additionally, this guide discusses and covers implementation challenges. In SSAE No. 18, the applicable requirements and application guidance for a service auditor’s engagement are contained in three different sections: AT-C section 105, Concepts Common to All Attestation Engagements, AT-C section 205, Examination Engagements, and AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. The information in each section is not repeated in the other sections, so a service auditor would have to focus on all three sections. This guide integrates the requirements and application guidance in the three sections in the discussion of service auditors’ engagements.

There is no longer an early implementation issue because SSAE No. 18 is effective for service auditor’s reports dated on or after May 1, 2017, so practitioners are already performing engagements that cover years in which SSAE No. 18 would be effective (that is, years beginning on or about May 1, 2016).

Who Will Benefit?

  • Practitioners performing SOC 1® engagements
  • Management of entities that have SOC 1® engagements being performed and auditors relying on SOC 1® reports may also find this guide useful
Topics covered:
  • Assurance: Technical: Attestation: Service organizations, Intermediate
  • Assurance: Technical: Advisory & consulting services: Service organizations, Intermediate
  • IT management & assurance: Technical: IT risk & assurance services: Service organizations, Intermediate

Online Professional Library

The AICPA Online Professional Library will operate in a variety of configurations, but only the configuration described below is supported by our technicians:

Note: The Online Professional Library will be accessible immediately after completing the purchase process. Access instructions will be shown on the Order Confirmation Screen and also included in the Order Confirmation Email. Access to the Online Professional Library is through a separate browser window. Please be sure to turn off your pop-up blocking software before you sign in and launch this product.

eBooks
Read the AICPA eBooks Quick Start Guide

Minimum system requirements are:

PDF

CD-ROM/DVD

Learn how to effectively perform SOC 1® engagements
Who Will Benefit?
  • Practitioners performing SOC 1 engagements
  • Managers of entities that have SOC 1 engagements being performed
  • Auditors relying on SOC 1 reports
Key Topics
  • Requirements and guidance in AT-C section 320 for performing SOC 1 engagements
  • Guidance from top CPAs on how to implement AT-C section 320 and address common and practice issues
  • How to provide best-in-class services related to planning, performing and reporting on a SOC 1 engagement
  • Successfully implement changes in AT-C section 320 arising from the issuance of SSAE 18
  • Determine how to describe the matter giving rise to a modified opinion
  • Understand the kinds of information financial statements auditors of user entities need from a service auditor's report
  • Organize and draft relevant sections of a type 2 report
  • Develop management representation letters for SOC 1 engagements

As business specialization grows, so does the practice of outsourcing tasks and functions to service organizations. These trends have increased the demand for SOC 1 engagements.

This guide will make sure you clearly understand how to complete a SOC 1 engagement under AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting, of Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification.

Get the basics or deepen your knowledge with these new features

Even if you're experienced with SOC engagements, this guide is an essential resource that:

  • Has been fully conformed to reflect changes resulting from SSAE No. 18, the clarified attestation standards.
  • Contains insight from expert authors on the Service Organizations Task Force composed of CPAs that all perform SOC 1® engagements. The Task Force updates the guide with lessons learned in practice.
  • Includes illustrative report paragraphs describing many different types of report modifications.

Additionally, this guide discusses implementation challenges. It integrates the SSAE No. 18 requirements and application guidance from the three applicable sections in the discussion of service auditors' engagements.

SSAE No. 18 is effective for service auditor's reports dated on or after May 1, 2017.

Comments/Reflections

You may also be interested in:

Webcast

SOC 2 Update