Evaluating Exceptions in a SOC Engagement and Managing the Risk...
By: Jamie Kilcoyne | Managing Director, Coalfire Controls | CPA, CISA, CITP, CIA, CFE
One of the most challenging aspects of a System and Organization Controls (SOC) engagement is evaluating exceptions/control failures, determining how they will impact the SOC report, and deciding whether they will result in a qualified or adverse opinion. This evaluation involves a significant amount of judgment, but it essentially comes down to answering the following questions:
- For a SOC 1, do the exceptions result in a failure to achieve one or more control objectives?
- For a SOC 2, do the exceptions result in a failure to effectively address one or more Trust Services Criteria (TSC)?