SOC for Supply Chain : Reporting on an Examination of Controls Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy in a Production, Manufacturing, or Distribution System 2020
Author(s): AICPA (Corporate)
ISBN No.: 9781948306959
Pages: 368
Year: 202006
Format: Trade Paper
Price: $ 179.40
Status: Out Of Print

1 Introduction and Background .01-.75
Introduction .01-.09
Intended Users of a SOC for Supply Chain Report .10-.16
Overview of a SOC for Supply Chain Examination .17-.19
Contents of the SOC for Supply Chain Report .20-.21
Defining the System to Be Examined .22-.34
The Entity's System Objectives and Principal System Objectives .27-.28
Selecting the Trust Services Category or Categories to Be Addressed by the Examination .29-.33
Determining the Time Frame for the Examination .34
Other Engagement Considerations .35-.41
Considerations for Entities That Distribute Products .35-.38
Considerations for Entities That Bundle Services With Their Products .39-.40
Considerations for a Design-Only Examination .41
Matters Not Addressed by a SOC for Supply Chain Examination .42-.43
Criteria for a SOC for Supply Chain Examination .44-.62
Description Criteria .45-.47
Trust Services Criteria .48-.58
Evaluating the Entity's Principal System Objectives .59-.62
The Practitioner's Opinion in a SOC for Supply Chain Examination .63-.65
Other Types of SOC Examinations: SOC Suite of Services .66
Professional Standards .67-.74
Attestation Standards .68-.70
Code of Professional Conduct .71
Quality in the SOC for Supply Chain Examination .72-.74
Definitions .75

2 Accepting and Planning a SOC for Supply Chain Examination .01-.154
Introduction .01-.02
Understanding Entity Management's Responsibilities .03-.10
Entity Management's Responsibilities Prior to Engaging the Practitioner .04-.07
Entity Management's Responsibilities During the Examination .08-.09
Entity Management's Responsibilities During Engagement Completion .10
Responsibilities of the Practitioner .11
Engagement Acceptance and Continuance .12-.15
Independence .16-.19
Competence of Engagement Team Members .20-.24
Preconditions of the Engagement .25-.49
Determining the Appropriateness of the Subject Matter .26-.27
Identifying the Components of the System to be Examined .28-.30
Determining the Boundaries of the System Being Examined .31-.38
Determining Whether Entity Management is Likely to Have a Reasonable Basis for Its Assertion .39-.43
Assessing the Suitability and Availability of Criteria .44
Determining Whether the Entity's Principal System Objectives Are Reasonable in the Circumstances .45-.49
Requesting a Written Assertion and Representations From Entity Management .50-.54
Agreeing on the Terms of the Engagement .55-.64
Accepting a Change in the Terms of the Examination .60-.64
Establishing an Overall Examination Strategy for and Planning the Examination .65-.69
Performing Risk Assessment Procedures .70-.106
Obtaining an Understanding of the Description of the Entity's System and Control Effectiveness .71-.83
Assessing the Risks of Material Misstatement .84-.95
Considering Materiality During Planning .96-.106
Considering Entity-Level Controls .107-.111
Understanding the Internal Audit Function .112-.119
Planning to Use the Work of a Practitioner's Specialist .120-.126
Identifying Customer Responsibilities and Complementary Customer Controls .127-.133
Identifying Suppliers and Complementary Supplier Controls .134-.150
Suppliers Whose Controls Are Necessary for the Entity to Achieve Its Principal System Objectives .134-.135
Complementary Supplier Controls .136-.141
Using the Inclusive Method .142-.150
Planning to Use the Work of an Other Practitioner .151-.154

3 Performing the SOC for Supply Chain Examination .01-.199
Introduction .01
Designing Overall Responses to the Risk Assessment .02-.03
Designing and Performing Procedures .04
Obtaining Evidence About Whether the Description Presents the System That Was Designed and Implemented in Accordance With the Description Criteria .05-.59
Disclosures Related to the Types of Goods Produced, Manufactured, or Distributed .17-.18
Disclosures About the Entity's Principal System Objectives .19-.24
Disclosures About System Incidents .25-.28
Disclosures About Risks That May Have a Significant Effect on the Entity's Production, Manufacturing, or Distribution .29-.30
Disclosures About Inputs to and Components of the System .31-.32
Disclosures About Individual Controls and the Applicable Trust Services Criteria .33-.41
Disclosures About Complementary Customer Controls .42-.43
Disclosures Related to Complementary Supplier Controls .44-.56
Disclosures About Nonrelevant Criteria .57
Disclosures About Significant Changes to the System During the Period .58-.59
Evaluating Description Misstatements Identified During the Examination .60-.67
Considering Whether the Description is Misstated or Otherwise Misleading .68-.69
Obtaining Evidence About the Suitability of the Design of Controls .70-.85
Multiple Controls Are Necessary to Address an Applicable Trust Services Criterion .77-.78
More Than One Control Addresses a Particular Risk .79
Procedures to Obtain Evidence About the Suitability of Design of Controls .80-.85
Evaluating Deficiencies in the Suitability of Design of Controls .86-.88
Obtaining Evidence About the Operating Effectiveness of Controls .89-.94
Designing and Performing Tests of Controls .91-.94
Nature of Tests of Controls .95-.110
Testing Review Controls .101-.102
Evaluating the Reliability of Information Produced by the Entity .103-.110
Timing of Tests of Controls .111-.112
Extent of Tests of Controls .113-.118
Testing Superseded Controls .119-.120
Using Sampling to Select Items to Be Tested .121-.125
Selecting Items to Be Tested .124-.125
Additional Risk Considerations Related to Suppliers and Business Partners .126-.136
Controls That Suppliers Expect the Entity to Implement .126-.131
Entity Controls for Addressing Supplier Risks .132-.133
Complementary Supplier Controls .134-.136
Considering Controls That Did Not Need to Operate During the Period Covered by the Examination .137
Identifying and Evaluating Deviations in the Effectiveness of Controls .138-.142
Materiality Considerations When Evaluating Deficiencies in the Effectiveness of Controls .143-.146
Using the Work of the Internal Audit Function .147-.153
Using the Work of a Practitioner's Specialist .154-.157
Revising the Risk Assessment .158-.162
Evaluating the Sufficiency and Appropriateness of Evidence .159-.160
Evaluating the Results of Procedures .161-.162
Responding to and Communicating Known and Suspected Fraud, Noncompliance With Laws or Regulations, Uncorrected Misstatements, and Deficiencies in the Effectiveness of Controls .163-.169
Known or Suspected Fraud or Noncompliance With Laws or Regulations .163-.165
Communicating Incidents of Known or Suspected Fraud, Noncompliance With Laws or Regulations, Uncorrected Misstatements, or Internal Control Deficiencies .166-.169
Obtaining Written Representations .170-.183
Requested Written Representations Not Provided or Not Reliable .180-.181
Engaging Party is Not the Responsible Party .182
Representations From the Engaging Party When It is Not the Responsible Party .183
Subsequent Events and Subsequently Discovered Facts .184-.191
Subsequent Events Unlikely to Have an Effect on the Practitioner's Report .191
Documentation .192-.196
Considering Whether Entity Management Should Modify Its Assertion .197-.199

4 Forming the Opinion and Preparing the Practitioner's Report .01-.91
Responsibilities of the Practitioner .01-.05
Forming the Practitioner's Opinion .06-.15
Concluding on the Sufficiency and Appropriateness of Evidence .08-.13
Expressing an Opinion on Each of the Subject Matters in the SOC for Supply Chain Examination .14-.15
Describing Tests of Controls and Results of Tests in the Practitioner's Report .16-.28
Describing Tests of Controls and Results When Using the Internal Audit Function .24-.26
Describing Tests of the Reliability of Information Produced by the Entity .27-.28
Preparing the Practitioner's SOC for Supply Chain Report .29-.40
Elements of the Practitioner's Report .29
Restricting the Use of the Practitioner's Report .30-.31
Reporting When There Are Complementary Customer Controls .32-.35
Reporting When There Are Complementary Supplier Controls .36-.40
Reporting When the Practitioner Assumes Responsibility for the Work of an Other Practitioner .41
Modifications to the Practitioner's Opinion .42-.67
Qualified Opinion .50-.51
Adverse Opinion .52-.56
Scope Limitation .57-.61
Disclaimer of Opinion .62-.67
Report Paragraphs Describing the Matter Giving Rise to the Modification .68-.76
Illustrative Separate Paragraphs When There Are Material Misstatements in the Description .68-.73
Illustrative Separate Paragraph: Material Deficiencies in the Effectiveness of Controls .74-.76
Other Matters Related to the Practitioner's Report .77-.80
Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs .77-.78
Distribution of the Report by Management .79-.80
Practitioner's Recommendations for Improving Controls .81
Other Information Not Covered by the Practitioner's Report .82-.86
Illustrative Report .87-.88
Preparing a SOC for Supply Chain Report in a Design-Only Examination .89-.91
Su.

