Assurance and Advisory Services

    SOC 2 

    Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

    These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide:  Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity,  Confidentiality, or Privacy  and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its  internal controls. These reports can form an important part of stakeholders:

    • Oversight of the organization
    • Vendor management program
    • Internal corporate governance and risk management processes
    • Regulatory oversight

    Similar to  SOC 1®  engagement there are two types of report : Type 2, report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, report on management’s description of a service organization’s system and the suitability of the design of controls.  These reports may be restricted in use.  

     

     

    Open Hide documents in this section

    Page  1 2 3 4 5
    Showing results 1 - 15 of 66
    Order by:


    Assurance Services Executive Committee

    Article The ASEC's mission is to assure the quality, relevance, and usefulness of information or its context for decision makers and other users by identifying and prioritizing emerging trends and market needs for assurance, and developing related assurance methodology guidance and tools as needed.
    Published on February 01, 2016

    Sample of HITRUST CSF Certification Report

    Sample Report This document illustrates a sample of HITRUST CSF Certification Report and is provided for use by HITRUST.
    Published on December 01, 2015

    SOC 2 Additional Subject Matter

    Article Learn about additional considerations when a service organization requests that the service auditor’s report address either criteria in addition to the applicable trust services criteria or additional subject matter related to the service organization’s services using additional suitable criteria related to that subject matter, or both.
    Published on November 30, 2015

    SOC 2 HITRUST Illustrative Report

    Article The AICPA has developed an illustrative report to assist CPAs in reporting on the fairness of the presentation of a description of a service organization’s system relevant to security, availability and confidentiality, and the suitability of the design and operating effectiveness of controls.
    Published on November 30, 2015

    HITRUST Frequently Asked Questions

    Article The Health Information Trust (HITRUST) Alliance, the organization responsible for the development of the HITRUST Common Security Framework (CSF), and the AICPA have collaborated to develop and publish a set of recommendations to streamline and simplify the process of leveraging the HITRUST CSF and CSF Assurance programs for SOC 2®
    Published on November 30, 2015

    Audit Data Standards

    Article Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
    Published on October 06, 2015

    Service Organization Control (SOC) Reports

    Overview Service Organization Control  Reports® are internal control reports on the services provided by a service organization. SOC reports provide valuable information users need to assess and address the risks associated with an outsourced service. The AICPA provides tools and resources to CPAs, service organizations and user entities needed to build
    Published on September 23, 2015

    Risk Assurance and Advisory Services

    Article Risk Assurance task force will develop guidance for assurance to evaluate and organization enterprise risk management process to supplement  COSO ERM framework
    Published on September 08, 2015

    The Use of Information Technology in Risk Management

    White Paper This report was written for risk professionals and CPAs engaged in operating, managing, and evaluating the effectiveness of risk management functions and their investments in risk information technology (IT).
    Published on September 08, 2015

    Trust Services and Information Integrity

    Article The Trust Information Integrity Task Force is focused on updating and maintaining the Trust Services Principles and Criteria (TSPC) and creating a framework of principles and criteria to provide assurance on the integrity of information. The task force is also developing a Audit Guide on reporting on controls relevant to the security, availability,
    Published on August 28, 2015

    Audit Data Standards

    Article Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
    Published on August 21, 2015

    Continuous Assurance & Continuous Control Monitoring

    Article The Assurance Services Executive Committee (ASEC) Emerging Assurance Technologies Task Force is responsible for developing a conceptual framework and guidance to capitalize on emerging technologies affecting the business information supply chain, covering both internal and external reporting.
    Published on August 20, 2015

    Audit Data Analytics

    Article The AICPA’s Assurance Services Executive Committee (ASEC), has created an Emerging Assurance Technologies Task Force (TF), which has worked primarily on three projects related
    Published on August 20, 2015

    Audit Analytics and Continuous Audit Looking Toward the Future

    Article This book is a compendium of essays written by different subject matter experts that expands upon the CICA and AICPA 1999 research report to discuss the following topics: Audit Analytics The theory of modern continuous assurance
    Published on August 20, 2015

    Audit Analytics Framework

    Article ASEC’s Emerging Assurance Technologies Task Force established the Audit Data Analytics working group, which focuses on what to do with standardized data once it is received. This working group is current exploring how to map the current audit objectives
    Published on August 03, 2015

    Page  1 2 3 4 5
    Showing results 1 – 15 of 66
    Show Results per page
    Copyright © 2006-2016 American Institute of CPAs.