An auditor is reviewing a client's use of a service organization for payroll processing. The auditor receives a Type 2 SOC 1 report. What does this report provide that a Type 1 report does not?

Answer options:

A description of the service organization's system.

Assurance that the controls are suitably designed.

Assurance on the operating effectiveness of the service organization's controls over a period of time.

An opinion on the fairness of the service organization's financial statements.

How to approach this question

Distinguish SOC 1 Type 1 (Design/Snapshot) vs Type 2 (Effectiveness/Movie).

Full Answer

C.Assurance on the operating effectiveness of the service organization's controls over a period of time.✓ Correct

Assurance on the operating effectiveness of the service organization's controls over a period of time.

A Type 2 report includes the service auditor's opinion on the fairness of the presentation of the description of the system AND the suitability of the design AND the operating effectiveness of the controls. A Type 1 report only covers design and description.

Common mistakes

Thinking Type 1 allows for control risk reduction (it doesn't).

Question 22 All questions Question 24

Practice the full CPA AUD Practice Exam

78 questions · hints · full answers · grading

More questions from this exam

Q01A CPA firm is auditing a large public company. The audit partner's spouse has just been promoted ...Hard Q02During the acceptance phase of a new audit engagement for a private company, the successor audito...Hard Q03A CPA firm is designing its system of quality control. Which of the following policies would most...Medium Q04An auditor is establishing an understanding with a client regarding the services to be performed ...Medium Q05Under the AICPA Code of Professional Conduct, which of the following fee arrangements is prohibit...Medium

View all 78 questions →