How to read SOC(System and Organization Controls) 1 Reports

This course will help to understand the need for SOC reports, the basics of reading SOC 1 reports, the types of SOC reports, and the significance of different sections within the SOC report.

As IT Managers/IT auditors/anyone who is interested in SOC Reports, this course will help you to:

1) Understand how SOC reports are prepared & why we need them?

2) The course introduces you to the different types of SOC reports available and learn in detail about SOC 1 reports:

• SOC1
• SOC2
• SOC3
• SOC for cybersecurity
• SOC for Supply chain
• Type 1 and type 2 reports

3) How SOC reports are used by a customer and the Vendor?

4) Different sections and terms within the SOC 1 report including Complementary User entity controls and Complimentary Sub service Organization controls.

5) Deep dive into each section of the report with examples as needed:

• Independent Service Auditor’s opinion (Qualified, Unqualified, Adverse, Disclaimer)
• Management Assertion
• System Description
• Control objectives, Controls, and Test results
• Relationship between Control Objectives and risks
• Complementary User Entity controls and Complimentary Sub service organization controls
• Other information & Management Response

6) Other useful information such as the Bridge letter

7) Sub-service Organizations( Inclusive, Carve-out methods)

8) Characteristics of Control activities

9) Internal control over financial reporting

10) General IT controls

11) Attestation Standards such as SSAE18(Statement on Standards for attestation engagements 18) and ISAE3402.