Answered step by step
Verified Expert Solution
Question
1 Approved Answer
An auditor may be required to perform a risk assessment on a 'service organization', which is defined by AT-C section 320 as an organization .
An auditor may be required to perform a risk assessment on a 'service organization', which is defined by AT-C section 320 as "an organization . . . that provides services to user entities, which are likely to be relevant to those user entities' internal control over financial reporting." Specifically, the auditor must evaluate the internal controls of the service organization in furtherance of assuring accurate financial reporting, and whether those internal controls are operating as intended. (CPA Exam note: when studying for the CPA Exam, you will find references to 'SOC', or 'system and organization controls'. The acronym formerly referred to 'service organization controls' and was redefined by the AICPA in 2017 to introduce new internal control examinations that could be performed for organizations in addition to service organizations. SOC was expanded into four suites of services for entities to better understand external risks, such as cybersecurity, related to their vendors and distribution networks.) Question: What is the name of the internal control environment framework (referenced in the textbook) that the auditor should assess? What are the five components of this framework?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
The internal control environment framework referenced in the textbook that the auditor should assess ...
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Accounting for Governmental and Nonprofit Entities
Authors: Jacqueline L. Reck, James E. Rooks, Suzanne Lowensohn, Daniel Neely
18th edition
1260190080, 1260190083, 978-1259917059
