An auditor is reviewing the 'System Description' for a SOC 2® report. Which of the following is a REQUIRED element of the system description?

Answer options:

The detailed results of the auditor's testing.

The types of services provided and the principal service commitments and system requirements.

A list of all employees and their salaries.

The auditor's opinion on the financial statements.

How to approach this question

Recall the components of a SOC report. The Description is written by Management. It must say 'What we do' and 'What we promised'.

Full Answer

B.The types of services provided and the principal service commitments and system requirements.✓ Correct

The types of services provided and the principal service commitments and system requirements.

The system description must include the services provided, the principal service commitments (what was promised to customers), and the system requirements (how the system is built to meet those promises).

Common mistakes

Thinking the auditor writes the description (Management does).

Question 26 All questions Question 28

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →