This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.


SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy Logo aicpa

  $70.00 - 100.00 |   AICPA |   Feb 2018 |   AICPA Store
Learn to effectively perform SOC 2 and SOC 3® examination engagements
Key Topics
  • Requirements and guidance in SSAE No. 18
  • How to efficiently plan, perform and report on SOC 2 and SOC 3 engagements
  • How to describe a matter giving rise to a modified opinion
  • Organize and draft relevant sections of a type 1 SOC 2 report and SOC 3 report
  • Develop management representation letters for SOC 2 and SOC 3 engagements
  • Apply the 2017 trust services criteria in SOC 2 and SOC 3 examinations
  • Apply the 2018 description criteria in SOC 2 examinations
Who Will Benefit?
  • Practitioners performing SOC 2 and SOC 3 engagements
  • Managers of service organizations that have SOC 2 and SOC 3 engagements being performed
  • SOC 2 and SOC 3 report readers

Updated as of January 1, 2018, this guide is the industry standard resource that will help you understand the issues in reporting on an examination of Service Organization Controls.
You'll also learn:

  • The difference between a type 1 and type 2 SOC 2 report
  • What goes into planning, performing and reporting on SOC 2 and SOC 3 engagements
  • Examples of service organizations
  • How to prepare the description of the service organization's system
See what's new

You'll want to have this this guide available as a resource that:

  • Has been fully updated and formatted to reflect lessons learned in practice for SSAE No. 18 (clarified attestation standards).
  • Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements.
  • Includes illustrative report paragraphs describing many different types of report modifications.
  • Includes a new appendix for performing and reporting on a SOC 2 examination.
Topics covered:
  • Assurance: Technical: Attestation: Service organizations, Intermediate
  • Assurance: Technical: Advisory & consulting services: Service organizations, Intermediate
  • IT management & assurance: Technical: IT risk & assurance services: Service organizations, Intermediate