Assurance and Advisory Services

SOC 2 

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide:  Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity,  Confidentiality, or Privacy  and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its  internal controls. These reports can form an important part of stakeholders:

  • Oversight of the organization
  • Vendor management program
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to  SOC 1®  engagement there are two types of report : Type 2, report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, report on management’s description of a service organization’s system and the suitability of the design of controls.  These reports may be restricted in use.  

 

 

Open Hide documents in this section

Page  1 2 3 4 5 >> 
Showing results 1 - 15 of 77
Order by:


Assurance and Advisory

Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on September 19, 2016

AICPA Cybersecurity Initiative

Article Currently, CPAs provide cybersecurity examination services under a variety of generally accepted professional standards and approaches. However, the AICPA believes adoption of a more consistent profession and market-wide approach for CPAs to examine and re
Published on September 17, 2016

Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Priv...

Exposure Draft ASEC is reorganizing and revising the extant trust services criteria to more closely align with the 17 principles in Internal Control—Integrated Framework, in the COSO 2013 framework. This exposure draft illustrates those changes.
Published on September 17, 2016

Proposed Description Criteria for Managements Description of and Entitys Cybersecurity Risk Management Program

Exposure Draft The AICPA is developing a new engagement that CPAs can use to assist boards of directors, senior management, and other pertinent stakeholders as they evaluate the effectiveness of an entity’s cybersecurity risk management program. This exposure draft details this engagement.
Published on September 17, 2016

Mapping of the Proposed Trust Services Criteria

Practice Aid Mapping of the Proposed Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSC) to the Existing Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSPC)
Published on September 16, 2016

Input to the Commission on Enhancing National Cybersecurity

Comment Letter Cybersecurity: AICPA comment letter to NIST on the current and future states of cybersecurity in the digital economy.
Published on September 16, 2016

Cybersecurity Reporting A Backgrounder

Overview This proposed framework is being shared with interested parties through focus groups and exposure drafts to obtain feedback and insight to ensure that it will result in decision-useful information on cybersecurity risk management.
Published on September 16, 2016

Cybersecurity Resource Center

Tools This webpage provides details and links to valuable resources for CPAs providing cybersecurity advisory and assurance services.
Published on September 16, 2016

Cybersecurity News and Articles

Article Read the latest news about cybersecurity and how it affects businesses and clients.
Published on September 14, 2016

Inventory Subledger Exposure Draft

Exposure Draft The Emerging Assurance Technologies Task Force of the AICPA Assurance Services Executive Committee (ASEC) has issued an exposure draft titled Audit Data Standards – Inventory Subledger Standard.
Published on August 19, 2016

Inventory Subledger Audit Data Standard - Exposure Draft

Exposure Draft The includes IT standards that address the Inventory subledger account. The comment period ends on August 15, 2016.
Published on August 19, 2016

Audit Data Analytics

Article The AICPA’s Assurance Services Executive Committee's (ASEC's) Emerging Assurance Technologies Task Force,
Published on August 17, 2016

Audit Data Standards

Article Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on August 17, 2016

Continuous Assurance & Continuous Control Monitoring

Article The Assurance Services Executive Committee (ASEC) Emerging Assurance Technologies Task Force is responsible for developing a conceptual framework and guidance to capitalize on emerging technologies affecting the business information supply chain, covering both internal and external reporting.
Published on August 16, 2016

Audit Data Standards Library

Article ASEC’s Emerging Assurance Technologies Task Force have created the Audit Data Standards. View all of the Standards here.
Published on August 16, 2016

Page  1 2 3 4 5 >> 
Showing results 1 – 15 of 77
Show Results per page
Copyright © 2006-2016 American Institute of CPAs.