An auditor is auditing the financial statements of a nonissuer. The auditor uses a service organization for payroll. The auditor receives a SOC 1 Type 1 report. Which of the following is a limitation of this report?

Answer options:

It does not describe the service organization's system.

It does not include an opinion from the service auditor.

It does not provide evidence of the operating effectiveness of controls.

It cannot be used to obtain an understanding of internal control.

How to approach this question

SOC 1 Type 1 vs Type 2. Type 1 = Design (Can I trust the plan?). Type 2 = Operating Effectiveness (Did they follow the plan?). Only Type 2 allows you to reduce control risk.

Full Answer

C.It does not provide evidence of the operating effectiveness of controls.✓ Correct

A SOC 1 Type 1 report addresses the fairness of the presentation of the system and the suitability of the design of controls as of a specific date. It does NOT test operating effectiveness, so the user auditor cannot use it to reduce control risk (rely on controls).

Common mistakes

Thinking Type 1 allows control reliance.

Question 65 All questions Question 67

Practice the full CPA AUD Practice Exam 2

78 questions · hints · full answers · grading

More questions from this exam

Q01An auditor is performing an audit of a nonissuer's financial statements. During the engagement, t...Hard Q02A CPA firm is auditing the financial statements of an issuer, TechGlobal Inc. The lead audit part...Hard Q03An auditor is conducting an audit of a nonissuer in accordance with GAO Government Auditing Stand...Hard Q04During the audit of a nonissuer, the auditor identifies a significant risk of fraud related to re...Hard Q05An auditor is accepting an engagement to audit the financial statements of a new nonissuer client...Hard

View all 78 questions →