What is the primary difference between a Type I and a Type II SOC report?

Answer options:

Type I is for financial controls; Type II is for security controls.

Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.

Type I covers a period of time; Type II is a point in time.

Type I includes auditor testing; Type II does not.

How to approach this question

Type I = Snapshot (Design). Type II = Movie (Design + Operation).

Full Answer

B.Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.✓ Correct

Type I looks at the design of controls as of a specific date. Type II looks at the design AND operating effectiveness (did they actually work?) over a specified period (usually 6-12 months).

Common mistakes

Confusing SOC 1/2 with Type I/II.

Question 65 All questions Question 67

Practice the full CPA ISC Practice Exam 5

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll processing application to its user entities...Medium Q02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...Hard Q03A financial institution requires a cloud deployment model that offers the highest level of contro...Medium Q04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...Medium Q05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy

View all 82 questions →