CISSP · Question #973
While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?
The correct answer is A. ISIsOC 1. ISIsOC 1 is the most useful Service Organization Control (SOC) report for reviewing the financial reporting risks of a third-party application, because it focuses on the internal controls over financial reporting (ICFR) of the service organization. ISIsOC 1 reports are based on t
Question
While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?
Options
- AISIsOC 1
- BSOC 2
- CSOC 3
- DSOC for cybersecurity
How the community answered
(29 responses)- A86% (25)
- B3% (1)
- C3% (1)
- D7% (2)
Explanation
ISIsOC 1 is the most useful Service Organization Control (SOC) report for reviewing the financial reporting risks of a third-party application, because it focuses on the internal controls over financial reporting (ICFR) of the service organization. ISIsOC 1 reports are based on the Statement on Standards for Attestation Engagements (SSAE) No. 18, and can be either Type 1 or Type 2, depending on whether they provide a point-in-time or a period-of-time evaluation of the controls. SOC 2, SOC 3, and SOC for cybersecurity reports are based on the Trust Services Criteria, and cover different aspects of the service organization's security, availability, confidentiality, processing integrity, and privacy. They are not specifically designed for financial reporting risks.
Topics
Community Discussion
No community discussion yet for this question.