Medium · 1 mark · Multiple Choice
CPA · Question 46 · Area III: SOC Engagements
What is the primary difference between a 'Type I' and 'Type II' SOC report?
Answer options:
A. Type I is for financial controls; Type II is for security controls.
B. Type I reports on the design of controls at a point in time; Type II reports on design and operating effectiveness over a period of time.
C. Type I includes an auditor's opinion; Type II does not.
D. Type I is mandatory; Type II is optional.
How to approach this question
Memorize: Type I = Design/Point. Type II = Effectiveness/Period.
Full Answer
B. Type I reports on the design of controls at a point in time; Type II reports on design and operating effectiveness over a period of time. ✓ Correct
Type II is more comprehensive because it tests if the controls actually worked over a period (usually 6-12 months), whereas Type I only checks if they were designed correctly on a specific date.
Common mistakes
Confusing SOC 1/2 with Type I/II.