ExpertHard1 markMultiple Choice
CPA · Question 49 · Area III: SOC Engagements
What is the primary difference between a SOC 2® Type I and a SOC 2® Type II report?
What is the primary difference between a SOC 2® Type I and a SOC 2® Type II report?
Answer options:
A.
Type I is for financial controls; Type II is for security.
B.
Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.
C.
Type I is for management use only; Type II is for public use.
D.
Type I covers 6 months; Type II covers 12 months.
How to approach this question
Type I = Design (Date). Type II = Operating Effectiveness (Period).
Full Answer
B.Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.✓ Correct
Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.
A Type I report looks at the design of controls at a specific date. A Type II report looks at the design AND operating effectiveness (did they actually work?) over a specified period (e.g., 6 months).
Common mistakes
Confusing SOC 1/2 with Type I/II.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard