What is an Agreed-Upon Procedures Engagement?

An agreed-upon procedures (AUP) engagement is an attestation engagement where a CPA or CPA firm performs specific procedures on the subject matter and issues a report of findings. The subject matter can be financial or nonfinancial.  The practitioner and the client agree on the procedures to be performed.  The authoritative guidance that […]

Sampling Guidance for SOC Reports

There are several resources that CPA firms can use to develop their sampling methodology for SOC 1 and SOC 2 audits.  These included: The AICPA’s SOC 1 and 2 Audit Guides The AICPA’s Audit Sampling Guide AU-C Section 530: Audit Sampling  It is important to note that the AICPA does not […]

CSOCs and CUECs in a SOC Report

Generally, SOC 1 and SOC 2 reports include a description of complementary subservice organization controls (CSOCs) and complementary user entity controls (CUECs), which are defined as follows in the AICPA SOC 2 Audit Guide: CSOCs Controls that service organization management assumed, in the design of the service organization’s system, would be implemented […]

Scope Limitations in a SOC Report

The AICPA defines a scope limitation as “An inability to obtain sufficient appropriate evidence.” In a SOC 1 or SOC 2 examination, a scope limitation may occur for the following reasons: Circumstances beyond the control of management. For example, documents that the service auditor considers necessary to inspect were in the […]