SOC Engagement Acceptance, Fieldwork, and Evidence Gathering

This chapter explains how a SOC engagement is planned and executed from acceptance through evidence collection. The exam focus is on professional responsibilities, engagement design, and practical fieldwork considerations.

In This Chapter

• Engagement Acceptance and Ethical Considerations covers the preliminary decisions that determine whether the work should proceed.
• Independence and Responsibilities of Service Auditor and Management explains the accountability split between the reporting parties.
• Identifying Complementary User Entity Controls (CUECs) addresses controls outside the service organization that still matter to the report.
• Fieldwork and Communication with Stakeholders explains how the engagement is performed and coordinated.
• Gathering Evidence: Tools and Example Testing Techniques covers the procedures used to support the final conclusion.

How to Use This Chapter

• Read this chapter when SOC topics move from report type into actual engagement execution.
• Focus on planning decisions, responsibility boundaries, and the evidence needed to support the opinion.
• Revisit it whenever an ISC question asks what the service auditor should do next in practice.

In this section

• Accepting a SOC Engagement: Preconditions, Ethics, and Engagement Risk
  Preconditions, ethics, and engagement risk when accepting SOC work.
• Service Auditor Independence and Management Responsibilities in SOC Work
  Service auditor independence and management responsibilities in SOC work.
• Complementary User Entity Controls and Why They Matter to the Report
  Complementary user entity controls and why they matter to the report.
• Fieldwork Execution and Communication with Management and Stakeholders
  Fieldwork execution and communication with management and stakeholders.
• Gathering Evidence in SOC Engagements: Testing Tools and Techniques
  Evidence gathering, testing tools, and techniques in SOC engagements.