Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2) - AICPA Guide

This new guide update, issued March 1, 2012 provides "how-to" guidance for service auditors performing examinations under AT section 101, Attest Engagements (AICPA, Professional Standards), to report on a service organization’s controls over its system relevant to security, availability, processing integrity, confidentiality, or privacy, commonly referred to as a service organization controls (SOC) 2 engagement.

Depository and Lending Institutions: Banks and Savings Institutions, Credit Unions, Finance Companies, and Mortgage Companies

The AICPA Depository and Lending Institutions: Banks and Savings Institutions, Credit Unions, Finance Companies, and Mortgage Companies Audit and Accounting Guide, offers clear and practical guidance on developments in areas such as transfers and servicing, troubled debt restructurings, financing receivables and the allowance for loan losses, and fair value measurements.

Service Organizations: Reporting on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting Guide (SOC 1)

Considered the industry standard resource and updated as of May 2013, this Guide helps CPAs effectively perform service organization control (SOC 1) engagements under Statement on Standards for Attestation Engagements (SSAE) No 16