Which SOC report fits controls that affect a customer's financial reporting?
I keep mixing up SOC 1 and SOC 2 when the question mentions payroll or transaction processing. What is the cleanest signal for the exam?
SOC 1 is the usual fit when the service organization's controls are relevant to user entities' internal control over financial reporting. Think payroll processing, loan servicing, transaction processing, billing, or other outsourced processes that feed customer financial statements.
SOC 2 is not wrong because it is less important; it is wrong when the user need is specifically financial reporting. SOC 2 is built around Trust Services Criteria such as security, availability, processing integrity, confidentiality, and privacy.
Master ISC with our CPA Course
86 lessons · 160+ hours· Expert instruction
Related Questions
How does the 80 percent control test work in a Section 351 transfer?
When do liabilities assumed trigger gain under Section 357?
How do I compute stock basis and corporate basis in a Section 351 transaction?
Do services in exchange for stock create ordinary income at corporate formation?
Why do CPA AUD transaction-cycle questions feel like FAR questions?
Related Articles
Join the Discussion
Ask questions and get expert answers.