Hard · 1 mark · Multiple Choice
CPA · Question 73 · Area III: SOC Engagements
During a SOC 2 Type II engagement, an auditor finds that a daily backup failed 3 times out of 365 days. The backups were successfully retried the next day. How should the auditor handle this?
Answer options:
A. Issue an Adverse Opinion.
B. Hide the exceptions since they were retried.
C. List the exceptions in Section IV but conclude the control operated effectively if the objective was met.
D. Switch to a Type I report.
How to approach this question
Auditors must report facts (exceptions) but use judgment for the opinion.
Full Answer
C. List the exceptions in Section IV but conclude the control operated effectively if the objective was met. ✓ Correct
Exceptions must be noted in the testing results (Section IV). However, if the failure didn't prevent the system from meeting its objectives (e.g., data was recoverable), it may not result in a modified opinion.
Common mistakes
Thinking any exception = Adverse opinion.