Attestation Services, Compliance Reporting, and SOC Reports

This chapter covers attestation services that extend beyond the standard financial statement audit. The challenge is understanding the objective of each engagement type, the level of assurance involved, and how the report is tailored to that objective.

In This Chapter

• Comparing SSAE Examinations, Reviews, and Agreed-Upon Procedures explains the main attestation service categories.
• Reporting on Forecasts and Projections covers future-oriented subject matter.
• Performing Compliance Attestation and Other Special Reports addresses compliance-focused engagement work.
• Understanding SOC 1, SOC 2, and SOC 3 Reports introduces major SOC report distinctions.

How to Use This Chapter

• Read this chapter after the SSARS chapter so service-level distinctions are already familiar.
• Focus on how the subject matter and user need change the engagement form and report.
• Revisit it whenever an AUD miss turns on SSAE work or SOC-report differences.

In this section

• Comparing SSAE Examinations, Reviews, and Agreed-Upon Procedures
  How SSAE examinations, reviews, and agreed-upon procedures differ in objective, work, and reporting.
• Reporting on Forecasts and Projections
  How auditors and practitioners report on forecasts, projections, and other prospective information.
• Performing Compliance Attestation and Other Special Reports
  How compliance attestation engagements and other special reports are structured and reported.
• Understanding SOC 1, SOC 2, and SOC 3 Reports
  How SOC 1, SOC 2, and SOC 3 reports differ in purpose, users, and reporting scope.