Assurance and Advisory Services

SOC 2 

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide: Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls. These reports can form an important part of stakeholders':

  • Oversight of the organization
  • Vendor management program
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to a SOC 1® engagement, there are two types of report: Type 2, a report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, a report on management’s description of a service organization’s system and the suitability of the design of controls. These reports may be restricted in use.

 

 



Cybersecurity Resource Center

Tools: This webpage provides details and links to valuable resources for CPAs providing cybersecurity advisory and assurance services.
Published on November 18, 2016

Cybersecurity News and Articles

Article: Read the latest news about cybersecurity and how it affects businesses and clients.
Published on November 18, 2016

AICPA Cybersecurity Initiative

Article: CPAs provide cybersecurity examination services under a variety of generally accepted professional standards and approaches.
Published on November 08, 2016

Cybersecurity Risk Management Fact Sheet

FAQ: Cybersecurity is one of the top issues currently on the minds of management and boards in just about every company in the world. This fact sheet provides additional details regarding risk management.
Published on November 08, 2016

Assurance and Advisory

Overview: Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on September 29, 2016

Cybersecurity Illustrative Management's Description

Practice Aid: This document contains a description of a hypothetical entity’s cybersecurity risk management program and is for illustrative purposes only and is not meant to be prescriptive. The presentation illustrates how the hypothetical entity could prepare a description of its cybersecurity risk management program in accordance with the proposed description.
Published on September 23, 2016

Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Priv...

Exposure Draft: ASEC is reorganizing and revising the extant trust services criteria to more closely align with the 17 principles in Internal Control—Integrated Framework, in the COSO 2013 framework. This exposure draft illustrates those changes.
Published on September 16, 2016

Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program

Exposure Draft: The AICPA is developing a new engagement that CPAs can use to assist boards of directors, senior management, and other pertinent stakeholders as they evaluate the effectiveness of an entity’s cybersecurity risk management program. This exposure draft details this engagement.
Published on September 16, 2016

Mapping of the Proposed Trust Services Criteria

Practice Aid: Mapping of the Proposed Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSC) to the Existing Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (TSPC)
Published on September 16, 2016

Input to the Commission on Enhancing National Cybersecurity

Comment Letter: Cybersecurity: AICPA comment letter to NIST on the current and future states of cybersecurity in the digital economy.
Published on September 16, 2016

Cybersecurity Reporting A Backgrounder

Overview: This proposed framework is being shared with interested parties through focus groups and exposure drafts to obtain feedback and insight to ensure that it will result in decision-useful information on cybersecurity risk management.
Published on September 16, 2016

Inventory Subledger Exposure Draft

Exposure Draft: The Emerging Assurance Technologies Task Force of the AICPA Assurance Services Executive Committee (ASEC) has issued an exposure draft titled Audit Data Standards – Inventory Subledger Standard.
Published on August 18, 2016

Inventory Subledger Audit Data Standard - Exposure Draft

Exposure Draft: The includes IT standards that address the Inventory subledger account. The comment period ends on August 15, 2016.
Published on August 18, 2016

Audit Data Analytics

Article: The AICPA’s Assurance Services Executive Committee's (ASEC's) Emerging Assurance Technologies Task Force,
Published on August 16, 2016

Audit Data Standards

Article: Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on August 16, 2016

Copyright © 2006-2016 American Institute of CPAs.