This session will address how SOC 1 reports are used within an EBP Audit. Facilitators recommend bringing your laptop to this session to fully participate in the case study.
Attendees will understand:
- How SOC 1 reports are used to obtain an understanding of internal control over financial reporting in an EBP audit
- How SOC 1 reports impact risk assessment and planned nature, timing, and extent of substantive audit procedures
- Common issues auditors deal with in evaluating SOC 1 reports (e.g. report qualifications, carve-outs, exceptions)
- How to determine which controls are key user entity controls and testing their operating effectiveness
- How the evaluation and use of service organization reports are documented in an audit as well as other documentation considerations/best practices