Webinar

SOC 2 Report Walkthrough

Friday, April 4, 2025
11 a.m.-12:30 p.m. Central
2 CPE (2 technical)

Course code: 25WI-0007
View pricing

Firm administrators: Please log in before starting the employee registration process.

Risk assessments have been a primary focus area for firms as well as peer reviewers. Assessing risk is a continual process through an engagement life cycle (from client acceptance to planning to evaluating the results).

This session will strive to answer three questions related to third-party risk management:
- What is a risk assessment?
- Why do we keep talking about it?
- Where do you start?

This was first delivered as part of the AICPA & CIMA SOC & Third-Party Risk Management Conference in April 2023 as the session, Start here ... with risk assessments.

Major subjects

Sections within a SOC 2 report
CUEC considerations
Inclusive versus carve-out methods of reporting on controls at subservice organizations
Report opinion types
SOC 3 reporting
Bridge letters

Learning objectives

Recognize the sections within a SOC 2 report and responsibility for each, including complementary subservice organization controls (CSOCs)
Identify key elements when reviewing a SOC 2 report, including complementary user entity controls (CUECs) and report opinion types
Recall considerations related to exceptions, bridge letters, and SOC 3 reports

Who should take this program?

Service auditors with 0−2 years of experience; service organization management; users (user entities and user entity auditors); security managers involved in vendor management

Pricing

Standard Member Fee	$118.00
Standard Nonmember Fee	$142.00

MNCPA members save $24.00. Become a member.

Our records indicate you are a nonmember. If you register, you will be charged $142.00 (Standard Nonmember Fee). Members: Please log in to receive member fee.

Firm administrators: Please log in before starting the employee registration process.