ExpertMedium1 markMultiple Choice
CPA · Question 81 · Area III: SOC Engagements
An auditor is reviewing the 'System Description' for a SOC 2® report. The description includes a flowchart of the order processing system. The auditor notices a step in the flowchart where 'Orders > $5000 require Manager Approval'. During the walkthrough, the auditor observes that the system actually requires approval for orders > $10,000. What is the auditor's conclusion?
An auditor is reviewing the 'System Description' for a SOC 2® report. The description includes a flowchart of the order processing system. The auditor notices a step in the flowchart where 'Orders > $5000 require Manager Approval'. During the walkthrough, the auditor observes that the system actually requires approval for orders > $10,000. What is the auditor's conclusion?
Answer options:
A.
The control is effective because $10,000 is a higher threshold.
B.
The auditor should change the system configuration to $5000.
C.
The system description is inaccurate and must be corrected by management.
D.
This is a control deficiency.
How to approach this question
SOC 2 Opinion 1: Is the description fair? If Description != Reality, then Description is unfair/inaccurate.
Full Answer
C.The system description is inaccurate and must be corrected by management.✓ Correct
C
One of the primary opinions in a SOC report is whether the description is fairly presented. If the description contradicts the actual system configuration observed during the walkthrough, the description is inaccurate and must be corrected.
Common mistakes
Focusing on whether 5k or 10k is the 'right' limit, rather than the accuracy of the document.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard