Attestation engagements

Area 4: Forming Conclusions and Reporting (10-20%)

Your Progress

0 of 37 questions attempted

Topics

Examination engagements
Review engagements (attestation)
Agreed-upon procedures

Lessons

Attestation Engagements

Study Frameworks

SOC Report Selection

Are the controls relevant to user entities' financial reporting?

Yes

Does the user auditor need evidence about operating effectiveness over a period?

Yes

SOC 1 Type 2 report

SOC 1 Type 1 report (design and implementation only)

Is the report intended for general public distribution?

Yes

SOC 3 report (general-use, condensed format)

SOC 2 report (detailed, restricted distribution)

Engagement Types Comparison

Feature	Audit	Review	Compilation	Agreed-Upon Procedures
Level of assurance	Reasonable	Limited	None	None (findings only)
Key procedures	Inspect, confirm, observe, recalculate	Inquiry, analytical procedures	Read for obvious errors	Specified by engaging parties
Report opinion	Positive — FS are fairly stated	Negative — nothing came to our attention	No assurance expressed	Report findings only
Independence required	Yes	Yes	No (but must disclose lack)	Yes

SOC Report Types

Report	Subject Matter	Distribution	Criteria
SOC 1	Controls relevant to user financial reporting	Restricted	SSAE (AT-C 320)
SOC 2	Security, availability, processing integrity, confidentiality, privacy	Restricted	Trust Services Criteria
SOC 3	Same as SOC 2 (condensed)	General use	Trust Services Criteria

Practice These Topics(37 questions)