ExpertMedium1 markMultiple Choice
CPA · Question 48 · Area III: SOC Engagements
An auditor is reviewing the 'Management's Assertion' in a SOC 2® report. Which of the following statements must be included in the assertion?
An auditor is reviewing the 'Management's Assertion' in a SOC 2® report. Which of the following statements must be included in the assertion?
Answer options:
A.
That the service organization is free of all fraud.
B.
That the auditor is responsible for the design of the controls.
C.
That the controls were suitably designed and operated effectively to achieve the related control objectives/criteria.
D.
That the user entities are responsible for all security controls.
How to approach this question
Management asserts (claims) that their system description is fair and their controls work. The auditor then opines on that assertion.
Full Answer
C.That the controls were suitably designed and operated effectively to achieve the related control objectives/criteria.✓ Correct
C
Management must assert that the description fairly presents the system, that controls were suitably designed, and (for Type II) that they operated effectively throughout the period.
Common mistakes
Thinking the auditor makes the assertion. The auditor makes the *opinion*.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard