PPC's Practice Aids™ for Reporting on Controls of Service Organizations—SOC 2 Engagements are loaded with the practical guidance, real-life examples, and timesaving checklists and practice aids to give you the knowledge you need to confidently and competently perform complex SOC 2 engagements under the AICPA attestation standards and the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. They are editable Microsoft® Word and Excel practice aids, and they contain extensive practical considerations and tips to help you conduct SOC 2 engagements effectively and efficiently. Our practical 'how-to' engagement process specifically tailored for these specialized engagements will help you perform these engagements in a cost-effective manner. Save hours of time by not having to tailor your existing practice aids for SOC 2 engagements. Links to related guidance on Checkpoint are also included. If you are one of the many service auditors who perform SOC 2 engagements, this is the resource you've been asking for! These Practice Aids were developed by CPAs who have extensive experience providing services to all types of service organizations and who understand the unique engagement performance and reporting issues you encounter.
- Detailed practice aids provide guidance on determining as of a specified date whether management’s description of the system is presented in accordance with the description criteria and controls are suitably designed to provide reasonable assurance that the service organization’s service commitments and system requirements would be achieved based on the applicable trust services criteria, if controls operated effectively. Further, for Type 2 engagements, detailed practice aids provide guidance on evaluating the description and suitability of design of controls throughout a specified period as well as determining whether controls are operating effectively throughout a specified period to provide reasonable assurance that the service organization’s service commitments and system requirements were achieved based on the applicable trust services criteria.
- Control matrixes are provided for controls relevant to security, availability, processing integrity, confidentiality, and privacy.
- Type 1 and Type 2 reporting checklists and numerous drafting illustrations of service auditor's reports tailored for various situations are also included.
- Rather than take a one-size fits-all approach to performing SOC 2 engagements, these practice aids are designed to allow you to customize your approach and procedures to fit different types of service organizations, the applicable trust services categories and criteria, and unique aspects of the controls at various service organizations. These practice aids will be important resources to make your new and existing engagements more efficient.