Question 1

An auditor is testing the operating effectiveness of a user entity's internal controls. The user entity outsources its payroll processing to a service organization. The auditor obtains a SOC 1 Type 2 report from the service organization. The report identifies several exceptions in the testing of the service organization's controls. Which of the following factors is MOST important for the user auditor to consider in determining the effect of these exceptions on the user entity's audit?

Accepted Answer

Understand the concept of CUECs (Complementary User Entity Controls). A SOC report is a handshake; both sides have duties.

Question 2

What mistakes do candidates make on this CPA question?

Accepted Answer

Assuming any exception in a SOC report means the control failed completely for the audit.

How to approach this question

Full Answer

Common mistakes

Practice the full CPA AUD Practice Exam 2

More questions from this exam