Browse Information Systems and Controls (ISC)
-
-
- 3.1 COSO Internal Control – Integrated Framework: Relevance to Information Systems
- 3.2 COSO ERM for IT: Risk Management Across Digital Environments
- 3.3 COBIT 2019 Overview: Governance System Principles and Components
- 3.4 Other Influential Standards and Regulations (e.g., PCI DSS, HIPAA, GDPR)
- 3.5 ITIL and IT Service Management Overviews
-
-
- 10.1 Change Control Concepts: Policies and Procedures
- 10.2 Environments and Testing (Development, QA/Staging, Production)
- 10.3 Patch Management: Risks and Controls
- 10.4 Continuous Integration and Continuous Deployment in Modern DevOps
- 10.5 Systems Development Life Cycle (SDLC): Waterfall vs. Agile/DevOps
-
-
-
-
-
Chapter 23: SOC 1® Examinations
In this section
-
Objectives, Scope, and Applicability
Discover how SOC 1® Examinations focus on financial reporting controls and address the specific needs of user entities relying on service organizations. Explore key objectives, scope boundaries, and typical applications—illustrated by practical payroll services use cases and industry scenarios.
-
Management Assertions and Description Criteria
Exploring standard SOC 1® management assertions, their alignment with IT general controls, and how description criteria guide service organizations in presenting their systems.
-
Materiality Considerations in SOC 1®
Explore the unique approach to materiality in SOC 1® examinations, contrasting it with external financial statement audits, and learn how materiality is determined, tested, and documented within service organizations.
-
Distinguishing Materiality in IT vs. Financial Statement Audits
Explore how information technology materiality contrasts with traditional financial materiality, emphasizing how even small IT issues can pose business‑critical risks.
-
Inclusive vs. Carve‑Out Method for Subservice Organizations
Explore the key distinctions between inclusive and carve-out methods for subservice organizations in SOC 1® examinations, including practical examples, flowcharts, and best practices.
