ExpertHard1 markMultiple Choice
CPA · Question 75 · Area III: SOC Engagements
A service organization's management refuses to provide a written assertion for a SOC 2® engagement. What should the service auditor do?
A service organization's management refuses to provide a written assertion for a SOC 2® engagement. What should the service auditor do?
Answer options:
A.
Issue an adverse opinion.
B.
Write the assertion for them.
C.
Withdraw from the engagement or issue a disclaimer of opinion.
D.
Proceed with the audit but note it in the report.
How to approach this question
No Assertion = No Audit.
Full Answer
C.Withdraw from the engagement or issue a disclaimer of opinion.✓ Correct
Withdraw from the engagement or issue a disclaimer of opinion.
Management's assertion is a prerequisite for the examination. If management refuses to provide it, the auditor cannot complete the engagement.
Common mistakes
Thinking the auditor can just write it.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard