Understand the different sections in SOC 1 Type 2 report and their significance.
What you will learn
Understand what SOC reports are and guidance to read a SOC 1 Report
Identify different sections of SOC 1 report and significance
How SOC reports can be used to assess a vendor
Apply the learnings to read any SOC 1 report
Description
This course will help to understand the need for SOC reports, the basics of reading SOC 1 reports, the types of SOC reports, and the significance of different sections within the SOC report.
As IT Managers/IT auditors/anyone who is interested in SOC Reports, this course will help you to:
1) Understand how SOC reports are prepared & why we need them?
2) The course introduces you to the different types of SOC reports available and learn in detail about SOC 1 reports:
- SOC1
- SOC2
- SOC3
- SOC for cybersecurity
- SOC for Supply chain
- Type 1 and type 2 reports
3) How SOC reports are used by a customer and the Vendor?
4) Different sections and terms within the SOC 1 report including Complementary User entity controls and Complimentary Sub service Organization controls.
5) Deep dive into each section of the report with examples as needed:
- Independent Service Auditorβs opinion (Qualified, Unqualified, Adverse, Disclaimer)
- Management Assertion
- System Description
- Control objectives, Controls, and Test results
- Relationship between Control Objectives and risks
- Complementary User Entity controls and Complimentary Sub service organization controls
- Other information & Management Response
6) Other useful information such as the Bridge letter
7) Sub-service Organizations( Inclusive, Carve-out methods)
8) Characteristics of Control activities
9) Internal control over financial reporting
10) General IT controls
11) Attestation Standards such as SSAE18(Statement on Standards for attestation engagements 18) and ISAE3402
Content