ExpertMedium1 markMultiple Choice
CPA · Question 66 · Area III: SOC Engagements
What is the primary difference between a Type I and a Type II SOC report?
What is the primary difference between a Type I and a Type II SOC report?
Answer options:
A.
Type I is for financial controls; Type II is for security controls.
B.
Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.
C.
Type I covers a period of time; Type II is a point in time.
D.
Type I includes auditor testing; Type II does not.
How to approach this question
Type I = Snapshot (Design). Type II = Movie (Design + Operation).
Full Answer
B.Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.✓ Correct
Type I reports on design at a point in time; Type II reports on design and operating effectiveness over a period of time.
Type I looks at the design of controls as of a specific date. Type II looks at the design AND operating effectiveness (did they actually work?) over a specified period (usually 6-12 months).
Common mistakes
Confusing SOC 1/2 with Type I/II.
Practice the full CPA ISC Practice Exam 5
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll processing application to its user entities...MediumQ02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...HardQ03A financial institution requires a cloud deployment model that offers the highest level of contro...MediumQ04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...MediumQ05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy