ExpertHard1 markMultiple Choice
CPA · Question 78 · Area III: SOC Engagements
In a SOC 2® engagement, if the service organization uses the 'Inclusive Method' for a subservice organization, what is the auditor's responsibility?
In a SOC 2® engagement, if the service organization uses the 'Inclusive Method' for a subservice organization, what is the auditor's responsibility?
Answer options:
A.
To rely solely on the subservice organization's SOC report.
B.
To exclude the subservice organization from the scope.
C.
To test the controls at the subservice organization as if they were the service organization's own controls.
D.
To issue a separate report for the subservice organization.
How to approach this question
Understand 'Inclusive' = Included in YOUR testing.
Full Answer
C.To test the controls at the subservice organization as if they were the service organization's own controls.✓ Correct
To test the controls at the subservice organization as if they were the service organization's own controls.
Under the inclusive method, the service auditor performs procedures at the subservice organization.
Common mistakes
Confusing Inclusive with Carve-out.
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium