Instructor
Jeffrey Cook
Instructor
Get comfortable with SOC 2® reports. For service auditors and user entities new to SOC 2® reporting, not understanding the report contents can result in reporting deficiencies or inappropriate identification of key information.
How will this webcast benefit you? This webcast presents the contents of each section of a SOC 2® report, highlighting key items of interest. As a user or user auditor, you will be better able to identify pertinent information that affects your organization or audit work. And as a service provider or service auditor, you will be better able to recognize what users are looking for and meet the requirements of SSAE No. 18. Why take this webcast? Take this webcast as an introduction to SOC 2® reporting, to strengthen your foundational knowledge as you perform SOC 2® examinations as a service auditor or as you review SOC 2® reports as a user entity or user auditor.
• Recognize the sections within a SOC 2® report and responsibility for each, including complementary subservice organization controls (CSOCs).
• Identify key elements when reviewing a SOC 2® report, including complementary user entity controls (CUECs) and report opinion types.
• Recall considerations related to exceptions, bridge letters, and SOC 3® reports.
• Sections within a SOC 2® report
• CUEC considerations
• Inclusive versus carve-out methods of reporting on controls at subservice organizations
• Report opinion types
• SOC 3® reporting
• Bridge letters
Service auditors with 0–2 years of experience, Service organization management, Users (user entities and user entity auditors), Security managers involved in vendor management