This course will help you understand the need for SOC reports, the basics of reading SOC 1 reports, the types of SOC reports, and the significance of the different sections within a SOC report.
Whether you are an IT manager, an IT auditor, or anyone interested in SOC reports, this course will help you to:
1) Understand how SOC reports are prepared and why we need them.
2) Learn the different types of SOC reports available, and study SOC 1 reports in detail.
3) Understand how SOC reports are used by the customer and the vendor.
4) Learn the different sections and terms within the SOC 1 report, including Complementary User Entity Controls and Complementary Subservice Organization Controls.
5) Deep dive into each section of the report, with examples as needed:
Independent Service Auditor’s opinion (Qualified, Unqualified, Adverse, Disclaimer)
Management Assertion
System Description
Control objectives, Controls, and Test results
Relationship between Control Objectives and risks
Complementary User Entity Controls and Complementary Subservice Organization Controls
Other information & Management Response
6) Other useful information such as the Bridge letter
7) Subservice organizations (inclusive and carve-out methods)
8) Characteristics of Control activities
9) Internal control over financial reporting
10) General IT controls
11) Attestation standards such as SSAE 18 (Statement on Standards for Attestation Engagements 18) and ISAE 3402