ExpertHard1 markMultiple Choice
CPA · Question 18 · Area III: SOC Engagements
A service organization's management refuses to provide a written assertion for a SOC 2® engagement. What action should the service auditor take?
A service organization's management refuses to provide a written assertion for a SOC 2® engagement. What action should the service auditor take?
Answer options:
A.
Issue a qualified opinion.
B.
Issue an adverse opinion.
C.
Withdraw from the engagement.
D.
Proceed but disclose the lack of assertion in the report.
How to approach this question
Apply SSAE 18 standards regarding preconditions for an examination.
Full Answer
C.Withdraw from the engagement.✓ Correct
Management's assertion is a required element of a SOC report. If they refuse to provide it, the auditor cannot issue the report.
Common mistakes
Thinking a disclaimer or qualification is sufficient.
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium