Video: Preparation of SOC 2 Reports

In this lesson, Nick Palazzolo, CPA, takes you through the intricate process of preparing a SOC 2 report, with a focus on the results of control testing, including exceptions. He starts with a practical example of testing the enforcement of multi-factor authentication for remote network access, outlining the testing methodology, selecting a sample size, and scrutinizing the results. Nick also guides you through how to deal with exceptions, analyzing their nature, assessing their impact, and discussing corrective measures with management. Throughout, he emphasizes the importance of presenting findings in a clear, structured manner using visuals where useful, and ensuring reports are understandable, avoiding excessive jargon. Nick concludes by illustrating how to assess overall control effectiveness and make recommendations for continuous improvements to security practices. This lesson not only explains how to compile a SOC 2 report but also highlights its role in enhancing the credibility and security of the organization's control environment.

"Examprep.ai helped me pass all 4 CPA exams on the first try. I highly recommend. I especially like the feedback and ratings the software provides so I know where to focus my time."

Daniel H., CPA

"I can't recommend ExamPrep.ai enough. Nick's lessons turned concepts I struggled with into strengths. I was able to pass FAR right before other exams expired!"

Andrew K, CPA

"I just want to say thank you for the great lesson videos. I couldn't stay awake through lectures of another course. After watching all your FAR lessons I was finally able to pass!"

Alyssa M., CPA Candidate

Video Transcript

Instructor: Nick Palazzolo

Nick Palazzolo is head instructor of ExamPrep.ai CPA Review. Nick's teaching style is engaging & upbeat, combining practical Big 4 tax & assurance expertise with years of 1-on-1 coaching. His lessons are concise and emphasize what you need to know to pass. Whether you're a recent grad or working full-time, we’re confident you can conquer your CPA exams with Nick’s review.

Cite this lesson

Link to this page

[[ citeExample ]]

Copy to clipboard

Copy URL to clipboard

Copy HTML to clipboard

All right, take another stretch, do what you got to do, stretch those arms, stand up for a second, drink some water, take care of yourself. We're almost done, we got a few more slides, then we'll wrap it up and call it a day with all of this. So preparing the SOC 2 report, results of testing of controls with an exception. So again, SOC 2 report dealing with trust services criteria. We are documenting the results of control testing. We're testing controls with an exception. So we have an issue, something arose, we have an exception. Exception is not something that's not good. We've got a structured approach to present these findings using a hypothetical test of controls as an example. So what was the control tested? So for instance, we are testing the organization implementing multi-factor authentication for all remote access to the network to ensure secure access control. What's the objective? We wanna verify that the multi-factor authentication is enforced for all remote network access, thereby enhancing the security of remote access and protecting against unauthorized access. Sounds reasonable to me. Just like we could have an audit and what's our, what do we wanna do? We wanna make sure the financial statements are not materially misstated and there's no pervasive issues. That would be the objective of an audit here with a SOC 2 report and engagement. We wanna make, you know, this is just one particular area within that. Obviously like there are overarching objectives and then even more specific objectives and this is just one specific objective. So what are we gonna do to test this? Well, the methodology, we wanna describe how the test was conducted. So for example, we reviewed access logs and security configurations for a sample of remote access

Unlock the full video transcript and subtitles support with a free account!

Get more from this lesson

Create an account 7-day free trial. No credit card required.

Considerations Specific to Planning, Performing & Reporting on a SOC Engagement

Module: 2 Concepts, 30 Videos

Considerations Specific to Planning and Performing a SOC Engagement - Overview

1:09

Introduction to Considerations Specific to Planning and Performing a SOC Engagement

8:07

Purpose and Organization of the Trust Services Criteria

3:58

Subject Matters in Trust Services Criteria Reporting