CPE Self-Study

Introduction to SOC for Service Organizations Reporting

  • $159.00-$199.00
    Introduction to SOC for Service Organizations Reporting Availability : Online Access Product #: 166031
    AICPA Member: $159.00
    Non-Member: $199.00
  • Contact Sales
    Contact a representative for group pricing. 800.634.6780 (Option 1) | Contact Us Product #: GT-SOCRPTS

Get ready to gain an understanding of system and organization control reporting guidance and common practice issues that will provide you with the foundational knowledge to effectively perform SOC for service organizations examinations.

Authored by Patrick Morin, this CPE course offers guidance on how to provide attest service related to the effectiveness of controls at a service organization that affects clients' internal control over financial reporting (SOC 1®) and controls at a service organization related to information privacy, security, confidentiality, availability and processing integrity (SOC 2® and SOC 3®). This course covers Trust Services Criteria, SSAE No. 18., and pertinent updates made to the SOC 1 and SOC 2 guides since their last editions.

Learning Objectives

  • Distinguish SOC 1®, SOC 2® and SOC 3® engagements.
  • Identify planning considerations in reporting on system and organization controls for service organizations.
  • Recall how to execute procedures related to reporting on system and organization controls for service organizations.
  • Recognize requirements for reporting on system and organization controls for service organizations.

Key Topics

  • Purposes of SOC 1, SOC 2, and SOC 3 reports
  • Differences among the reports and the audiences they serve
  • Standards that are relevant and applicable to engagements related to reporting on system and organization control for service organizations
  • Planning considerations and applicability
  • Engagement acceptance and continuance
  • Evaluating the suitability of criteria
  • Responsibilities of management of the service organization
  • Evaluating the design of controls
  • Identifying subservice organizations
  • Understanding the content of the description
  • Evaluating whether control objectives relate to ICFR
  • Reporting and completing the engagement
  • Trust Services Principles and Criteria and the new Trust Services
  • Criteria Planning considerations; applicability, and scope definition
  • Responsibilities of management and responsibilities of service auditor Evaluating the design of controls
  • Obtaining and evaluating evidence
  • Designing and performing tests of controls and evaluating results of tests Reporting and completing the engagement
  • Differences between SOC 2 and SOC 3 reports

Who Will Benefit?

  • Those involved in the planning, execution and reporting of SOC 1, SOC 2, or SOC 3 engagements.

System Requirements

About the Authors

Patrick A. Morin, CPA, CISA, CITP

Patrick (Pat) is a principal and director of the risk and business advisory practice at Baker Newman Noyes, specializing in a wide range of topics related to business process and information systems. He has been with the firm since it was founded, having previously been with one of our predecessor firms since 1988.

Pat has significant experience providing services such as assessment and evaluation of business processes and the identification of information system solutions, creation of control frameworks to mitigate risk, information technology control and security reviews and SSAE 16 Service Organization Control examinations, developing solutions to analyze large-scale data sets, and developing information technology strategies and business resumption plans. Pat is a nationally-recognized expert in SOC examinations; he provides SOC examination quality review services for three regional CPA firms. Pat earned a bachelor's degree in accounting from the University of Maine, Orono.

About the Publisher

American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.