وبلاگ بلیان

Guide: SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (AICPA)

معرفی کتاب «Guide: SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (AICPA)» نوشتهٔ American Institute of Certified Public Accountants (AICPA)، منتشرشده توسط نشر Wiley Professional Development (P&T) در سال 2018. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Updated as of January 1, 2018, this guide includes relevant guidance contained in applicable standards and other technical sources. It explains the relationship between a service organization and its user entities, provides examples of service organizations, describes the description criteria to be used to prepare the description of the service organization’s system, identifies the trust services criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2 report, and provides illustrative reports for CPAs engaged to examine and report on system and organization controls at a service organization. It also describes the matters to be considered and procedures to be performed by the service auditor in planning, performing, and reporting on SOC 2 and SOC 3 engagements. New to this edition are: Updated for SSAE No. 18 (clarified attestation standards), this guide has been fully conformed to reflect lessons learned in practice Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements Includes illustrative report paragraphs describing the matter that gave rise to the report modification for a large variety of situations Includes a new appendix for performing and reporting on a SOC 2 examination in accordance with International Standards on Assurance Engagements (ISAEs) or in accordance with both the AICPA’s attestation standards and the ISAEs Content: Intro Title Page Copyright Chapter 1 Introduction and Background Introduction Intended Users of a SOC 2® Report Overview of a SOC 2® Examination Contents of the SOC 2® Report Definition of a System Boundaries of the System Time Frame of Examination Difference Between Privacy and Confidentiality Criteria for a SOC 2® Examination The Service Organization's Service Commitments and System Requirements SOC 2® Examination That Addresses Additional Subject Matters and Additional Criteria SOC 3® Examination Other Types of SOC Examinations: SOC Suite of Services SOC 1®-SOC for Service Organizations: ICFRSOC for Cybersecurity Professional Standards Attestation Standards Code of Professional Conduct Quality in the SOC 2® Examination Definitions Chapter 2 Accepting and Planning a SOC 2® Examination Introduction Understanding Service Organization Management's Responsibilities Management Responsibilities Prior to Engaging the Service Auditor Management Responsibilities During the Examination Management's Responsibilities During Engagement Completion Responsibilities of the Service Auditor Engagement Acceptance and Continuance Independence Competence of Engagement Team MembersPreconditions of a SOC 2® Engagement Determining Whether the Subject Matter Is Appropriate for the SOC 2® Examination Determining Whether Management Is Likely to Have a Reasonable Basis for Its Assertion Assessing the Suitability and Availability of Criteria Assessing the Appropriateness of the Service Organization's Principal Service Commitments and System Requirements Stated in the Description Requesting a Written Assertion and Representations From Service Organization Management Agreeing on the Terms of the Engagement Accepting a Change in the Terms of the ExaminationAdditional Considerations for a Request to Extend or Modify the Period Covered by the Examination Establishing an Overall Examination Strategy for and Planning the Examination Planning Considerations When the Inclusive Method Is Used to Present the Services of a Subservice Organization Considering Materiality During Planning Performing Risk Assessment Procedures Obtaining an Understanding of the Service Organization's System Assessing the Risk of Material Misstatement Considering Entity-Level Controls Understanding the Internal Audit FunctionPlanning to Use the Work of Internal Auditors Evaluating the Competence, Objectivity, and Systematic Approach Used by Internal Auditors Determining the Extent to Which to Use the Work of Internal Auditors Coordinating Procedures With the Internal Auditors Evaluating Whether the Work of Internal Auditors Is Adequate for the Service Auditor's Purposes Planning to Use the Work of an Other Practitioner Planning to Use the Work of a Service Auditor's Specialist Accepting and Planning a SOC 3® Examination Chapter 3 Performing the SOC 2® Examination Intro -- Guide: SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy -- Preface -- Table of Contents -- Chapter 1 Introduction and Background -- Introduction -- Intended Users of a SOC 2® Report -- Overview of a SOC 2® Examination -- Contents of the SOC 2® Report -- Definition of a System -- Boundaries of the System -- Time Frame of Examination -- Difference Between Privacy and Confidentiality -- Criteria for a SOC 2® Examination -- The Service Organization's Service Commitments and System Requirements -- SOC 2® Examination That Addresses Additional Subject Matters and Additional Criteria -- SOC 3® Examination -- Other Types of SOC Examinations: SOC Suite of Services -- SOC 1®-SOC for Service Organizations: ICFR -- SOC for Cybersecurity -- Professional Standards -- Attestation Standards -- Code of Professional Conduct -- Quality in the SOC 2® Examination -- Definitions -- Chapter 2 Accepting and Planning a SOC 2® Examination -- Introduction -- Understanding Service Organization Management's Responsibilities -- Management Responsibilities Prior to Engaging the Service Auditor -- Management Responsibilities During the Examination -- Management's Responsibilities During Engagement Completion -- Responsibilities of the Service Auditor -- Engagement Acceptance and Continuance -- Independence -- Competence of Engagement Team Members -- Preconditions of a SOC 2® Engagement -- Determining Whether the Subject Matter Is Appropriate for the SOC 2® Examination -- Determining Whether Management Is Likely to Have a Reasonable Basis for Its Assertion -- Assessing the Suitability and Availability of Criteria -- Assessing the Appropriateness of the Service Organization's Principal Service Commitments and System Requirements Stated in the Description
دانلود کتاب Guide: SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (AICPA)