Browse Information Systems and Controls (ISC)
-
-
- 3.1 COSO Internal Control – Integrated Framework: Relevance to Information Systems
- 3.2 COSO ERM for IT: Risk Management Across Digital Environments
- 3.3 COBIT 2019 Overview: Governance System Principles and Components
- 3.4 Other Influential Standards and Regulations (e.g., PCI DSS, HIPAA, GDPR)
- 3.5 ITIL and IT Service Management Overviews
-
-
- 10.1 Change Control Concepts: Policies and Procedures
- 10.2 Environments and Testing (Development, QA/Staging, Production)
- 10.3 Patch Management: Risks and Controls
- 10.4 Continuous Integration and Continuous Deployment in Modern DevOps
- 10.5 Systems Development Life Cycle (SDLC): Waterfall vs. Agile/DevOps
-
-
-
-
-
Chapter 22: Overview of SOC Engagements
In this section
-
Purpose and Types of SOC Reports (SOC 1®, SOC 2®, SOC 3®, SOC for Cybersecurity)
Explore the foundational purpose, scope, and audience of SOC 1®, SOC 2®, SOC 3®, and SOC for Cybersecurity reports, understanding how each addresses specific stakeholder needs and compliance objectives.
-
Form and Content of SOC Reports
Explore the primary elements of a SOC report, including management’s assertion, auditor’s opinion, and system description, with practical scenarios and guidance for CPAs and IT auditors.
-
Comparing User Entity Controls and Subservice Organization Controls
Explore the distinctions between user entity controls and subservice organization controls in SOC reporting, learn their complementary roles, review real-world examples, and master techniques for effective coordination.
