Certified AICPA SOC Report Analyst
Online Course: ID# 1006065
Price: $1,299.00
Qty:
About This Course:
Looking to augment your current SOC report knowledge-base? Then the Certified AICPA SOC Report Analyst course is for you!
SOC Reports are great tools for better understanding the risk that a third party might expose your company to. However, they are filled with information that you need to sift through and frequently take a great deal of time to analyze if you don't know what to look for, where to find it and what it means.
Designed to teach you how to quickly find the key pieces of information within a SOC report, understand what they mean, and develop a consolidated report about the level of risk that a vendor (3rd party) poses to your organization, his course utilizes the standard methodology and tools developed by our CEI Advisory Services Group that are provided with the course so you can create a consistent, well-documented, informative analysis report every time.
AGENDAThis online course will educate you as to what SOC reports are all about and how to quickly find the pieces of information you need in order to perform an analysis of the report. It includes:
- Chapter 1 - History, Terms and Definitions
SOC reports have evolved over many years and the AICPA has done an outstanding job of keeping up with the ever-evolving business environment. This chapter will take you through the evolution from SAS to SOC and SSAE 18®. It will also familiarize you with common terminology used in reports and you will gain an understanding of the inter-relationship and importance of items such as COSO Principles, Trust Services Criteria, and Common Criteria.
- Chapter 2 - The Report Components
Chapter 2 begins our dive into a SOC report and explains what the Independent Service Auditor's Report, Management's Assertion and the Auditor's Opinion are about. It also dissects those sections and pinpoints the information you can glean from a report in just a few paragraphs. We will begin working through the SOC Report Analysis report template provided with the course.
- Chapter 3 - Description of The System
We begin our voyage through the Description of the System and the 9 key Description Criteria, identifying key pieces of information that will be incorporated into the SOC Analysis Report. It might also indicate that additional information is required from our vendor to gain a better understanding of their controls.
- Chapter 4 - Description of the System, Tests, and Test Results
We continue our analysis of the Description of the System as we work through Vendor Management, Complementary User Entity Controls (CUECs, Sub-service Organizations, Complementary Sub-service Organization Controls, Changes to the System and Incidents. Chapter 4 then continues on to discuss Tests and Test Results and the impact of Exceptions and Deviations to the Auditor's Opinion.
- Chapter 5 - Section 5 (Other Information), Bridge Letters, SOC 3
Section 5 contains unaudited information, sometimes referred to as Irrelevant Information. Very often, the Service Organization's management wants you to know more about their company or might respond to an incident or a test Exception/Deviation. The Service Auditor doesn't verify this information but makes it known to you and it could contain valuable information that you need to utilize in your SOC Analysis Report. We will also help you understand what a Bridge Letter is and why you might need it. We finish Chapter 5 with an analysis of SOC 3 reports. While many think a SOC 3 is just a marketing tool and contains nothing of value, it is chocked full of information that you might find extremely useful as you're conducting your due diligence on a potential vendor.
- Chapter 6 - SOC 1 Report
Chapter 6 compares and contrasts SOC 2 and SOC 1 reports throughout all sections of the report. It points out the difference in controls; Trust Services and Common Criteria vs IT General Controls and Business Process. It also sheds light on the influence of COSO Principles and the indirect way in which the relationship is documented.
Included Materials: :
- PDF Course Content Workbooks
- AICPA SOC Report Analysis Report Template
- User Entity Controls Tracking Worksheet
- User Entity Controls Implementation Report
- Where To Find It Guide
- CASRA® Certificate
- 1 year free telephone/email support
Other Info:
- Time To Complete: Approximately 12 hours
- CPE credits: 14