Browse Information Systems and Controls (ISC)
-
-
- 3.1 COSO Internal Control – Integrated Framework: Relevance to Information Systems
- 3.2 COSO ERM for IT: Risk Management Across Digital Environments
- 3.3 COBIT 2019 Overview: Governance System Principles and Components
- 3.4 Other Influential Standards and Regulations (e.g., PCI DSS, HIPAA, GDPR)
- 3.5 ITIL and IT Service Management Overviews
-
-
- 10.1 Change Control Concepts: Policies and Procedures
- 10.2 Environments and Testing (Development, QA/Staging, Production)
- 10.3 Patch Management: Risks and Controls
- 10.4 Continuous Integration and Continuous Deployment in Modern DevOps
- 10.5 Systems Development Life Cycle (SDLC): Waterfall vs. Agile/DevOps
-
-
-
-
-
Chapter 25: Planning and Performing a SOC Engagement
In this section
-
Engagement Acceptance and Ethical Considerations
Learn the critical steps for accepting a SOC engagement while ensuring compliance with ethical standards and independence requirements. Explore professional standards references, conflict of interest warnings, and practical examples to guide CPAs through SOC engagement acceptance.
-
Independence and Responsibilities of Service Auditor and Management
Learn how independence underpins SOC engagements, exploring the distinct roles and responsibilities of the service auditor and management in planning and performing an attestation under relevant AICPA standards.
-
Identifying Complementary User Entity Controls (CUECs)
Discover how to identify and assess Complementary User Entity Controls (CUECs) in SOC engagements, ensuring clarity on user entity responsibilities and risk mitigation strategies.
-
Fieldwork and Communication with Stakeholders
Explore essential methods for evidence gathering and effective communication with stakeholders to enhance SOC engagements, including best practices and a detailed fieldwork timeline.
-
Gathering Evidence: Tools and Example Testing Techniques
Learn best practices for obtaining reliable audit evidence, including log sampling, configuration reviews, and re-performance of controls, to strengthen your SOC engagement.
