An auditor is reviewing the 'Management's Assertion' in a SOC 2® report. Which of the following statements must be included in the assertion?

Answer options:

That the service organization is free of all fraud.

That the auditor is responsible for the design of the controls.

That the controls were suitably designed and operated effectively to achieve the related control objectives/criteria.

That the user entities are responsible for all security controls.

How to approach this question

Management asserts (claims) that their system description is fair and their controls work. The auditor then opines on that assertion.

Full Answer

C.That the controls were suitably designed and operated effectively to achieve the related control objectives/criteria.✓ Correct

Management must assert that the description fairly presents the system, that controls were suitably designed, and (for Type II) that they operated effectively throughout the period.

Common mistakes

Thinking the auditor makes the assertion. The auditor makes the *opinion*.

Question 47 All questions Question 49

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →