ExpertHard1 markMultiple Choice
CPA · Question 44 · Area III: SOC Engagements
A company is using the 'Inclusive Method' for a subservice organization in their SOC 2® report. What does this imply for the service auditor?
A company is using the 'Inclusive Method' for a subservice organization in their SOC 2® report. What does this imply for the service auditor?
Answer options:
A.
The auditor can rely solely on the subservice organization's own SOC report.
B.
The subservice organization is excluded from the scope.
C.
The auditor mentions the subservice organization but performs no procedures.
D.
The auditor must perform test procedures on the controls at the subservice organization as if they were the service organization's controls.
How to approach this question
Inclusive = Included in YOUR testing.
Full Answer
D.The auditor must perform test procedures on the controls at the subservice organization as if they were the service organization's controls.✓ Correct
D
In the Inclusive Method, the subservice organization's controls are included in the system description and are subject to testing by the service auditor. The auditor treats them as if they were part of the primary organization.
Common mistakes
Thinking Inclusive means just attaching their report (that's relying on other auditors, not the Inclusive Method per se).
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium