[Free] How To Read Soc(System And Organization Controls) 1 Reports
Understand the different sections in SOC 1 Type 2 report and their significance. – Free Course
What you’ll learn
- Understand what SOC reports are and guidance to read a SOC 1 Report
- Identify different sections of SOC 1 report and significance
- How SOC reports can be used to assess a vendor
- Apply the learnings to read any SOC 1 report
Requirements
- Basic understanding of controls and Information Technology
Description
This course will help to understand the need for SOC reports, the basics of reading SOC 1 reports, the types of SOC reports, and the significance of different sections within the SOC report.
As IT Managers/IT auditors/anyone who is interested in SOC Reports, this course will help you to:
1) Understand how SOC reports are prepared & why we need them?
2) The course introduces you to the different types of SOC reports available and learn in detail about SOC 1 reports:
SOC1
SOC2
SOC3
SOC for cybersecurity
SOC for Supply chain
Type 1 and type 2 reports
3) How SOC reports are used by a customer and the Vendor?
4) Different sections and terms within the SOC 1 report including Complementary User entity controls and Complimentary Sub service Organization controls.
5) Deep dive into each section of the report with examples as needed:
Independent Service Auditors opinion (Qualified, Unqualified, Adverse, Disclaimer)
Management Assertion
System Description
Control objectives, Controls, and Test results
Relationship between Control Objectives and risks
Complementary User Entity controls and Complimentary Sub service organization controls
Other information & Management Response
6) Other useful information such as the Bridge letter
7) Sub-service Organizations( Inclusive, Carve-out methods)
8) Characteristics of Control activities
9) Internal control over financial reporting
10) General IT controls
11) Attestation Standards such as SSAE18(Statement on Standards for attestation engagements 18) and ISAE3402
Author(s): Mani Keerthi N
