
SOC for Supply Chain



Reporting on an Examination of Controls Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy in a Production, Manufacturing, or Distribution System, 2020
AICPA, 1st ed.

by: AICPA

100,99 €

Publisher: Wiley
Format: EPUB
Published: 20.05.2020
ISBN/EAN: 9781948306966
Language: English
Number of pages: 368

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

Internal and external forces such as globalization, global interconnectivity, automation, and other technological advancements are making today’s supply chains highly sophisticated and complex. For organizations that produce, manufacture or distribute products, there’s often a high level of interdependence and connectivity with their suppliers and their customers and business partners.

Although the interconnectedness of these organizations can be beneficial (increased revenues, expanded market opportunities, and cost reduction), the ability of organizations to meet their goals is often increasingly dependent on events, processes, and controls that are not visible and are often beyond their control – such as a supplier’s controls. That’s why the demand for transparency in supply chains is now higher than ever before, and why this is the perfect time for you to help organizations assess their supply chain risks, evaluate the system controls within their manufacturing, production, or distribution systems, and communicate their supply chain management efforts to those with whom they do business.

Accountants and financial managers can also increase the credibility of the supply chain information communicated by the organization by providing an opinion on the organization’s supply chain efforts. This guide enables the accountant and financial manager to examine and report on the description of a system for manufacturing, producing and distributing goods as well as on the controls within that system using a dynamic, proactive, and agile approach. It will show how to conduct this examination in accordance with the attestation standards. The guide may also be helpful when providing readiness assessments to clients, who are not quite ready for an examination level service and need help to get there.

The guide also includes excerpts from the two distinct, but complementary sets of criteria developed by the AICPA to assist practitioners with SOC for Supply Chain engagements: the description criteria and the 2017 trust services criteria.
1 Introduction and Background .01-.75

Introduction .01-.09
Intended Users of a SOC for Supply Chain Report .10-.16
Overview of a SOC for Supply Chain Examination .17-.19
Contents of the SOC for Supply Chain Report .20-.21
Defining the System to Be Examined .22-.34
The Entity’s System Objectives and Principal System Objectives .27-.28
Selecting the Trust Services Category or Categories to Be Addressed by the Examination .29-.33
Determining the Time Frame for the Examination .34
Other Engagement Considerations .35-.41
Considerations for Entities That Distribute Products .35-.38
Considerations for Entities That Bundle Services With Their Products .39-.40
Considerations for a Design-Only Examination .41
Matters Not Addressed by a SOC for Supply Chain Examination .42-.43
Criteria for a SOC for Supply Chain Examination .44-.62
Description Criteria .45-.47
Trust Services Criteria .48-.58
Evaluating the Entity’s Principal System Objectives .59-.62
The Practitioner’s Opinion in a SOC for Supply Chain Examination .63-.65
Other Types of SOC Examinations: SOC Suite of Services .66
Professional Standards .67-.74
Attestation Standards .68-.70
Code of Professional Conduct .71
Quality in the SOC for Supply Chain Examination .72-.74
Definitions .75

2 Accepting and Planning a SOC for Supply Chain Examination .01-.154

Introduction .01-.02
Understanding Entity Management’s Responsibilities .03-.10
Entity Management’s Responsibilities Prior to Engaging the Practitioner .04-.07
Entity Management’s Responsibilities During the Examination .08-.09
Entity Management’s Responsibilities During Engagement Completion .10
Responsibilities of the Practitioner .11
Engagement Acceptance and Continuance .12-.15
Independence .16-.19
Competence of Engagement Team Members .20-.24
Preconditions of the Engagement .25-.49
Determining the Appropriateness of the Subject Matter .26-.27
Identifying the Components of the System to be Examined .28-.30
Determining the Boundaries of the System Being Examined .31-.38
Determining Whether Entity Management is Likely to Have a Reasonable Basis for Its Assertion .39-.43
Assessing the Suitability and Availability of Criteria .44
Determining Whether the Entity’s Principal System Objectives Are Reasonable in the Circumstances .45-.49
Requesting a Written Assertion and Representations From Entity Management .50-.54
Agreeing on the Terms of the Engagement .55-.64
Accepting a Change in the Terms of the Examination .60-.64
Establishing an Overall Examination Strategy for and Planning the Examination .65-.69
Performing Risk Assessment Procedures .70-.106
Obtaining an Understanding of the Description of the Entity’s System and Control Effectiveness .71-.83
Assessing the Risks of Material Misstatement .84-.95
Considering Materiality During Planning .96-.106
Considering Entity-Level Controls .107-.111
Understanding the Internal Audit Function .112-.119
Planning to Use the Work of a Practitioner’s Specialist .120-.126
Identifying Customer Responsibilities and Complementary Customer Controls .127-.133
Identifying Suppliers and Complementary Supplier Controls .134-.150
Suppliers Whose Controls Are Necessary for the Entity to Achieve Its Principal System Objectives .134-.135
Complementary Supplier Controls .136-.141
Using the Inclusive Method .142-.150
Planning to Use the Work of an Other Practitioner .151-.154

3 Performing the SOC for Supply Chain Examination .01-.199

Introduction .01
Designing Overall Responses to the Risk Assessment .02-.03
Designing and Performing Procedures .04
Obtaining Evidence About Whether the Description Presents the System That Was Designed and Implemented in Accordance With the Description Criteria .05-.59
Disclosures Related to the Types of Goods Produced, Manufactured, or Distributed .17-.18
Disclosures About the Entity’s Principal System Objectives .19-.24
Disclosures About System Incidents .25-.28
Disclosures About Risks That May Have a Significant Effect on the Entity’s Production, Manufacturing, or Distribution .29-.30
Disclosures About Inputs to and Components of the System .31-.32
Disclosures About Individual Controls and the Applicable Trust Services Criteria .33-.41
Disclosures About Complementary Customer Controls .42-.43
Disclosures Related to Complementary Supplier Controls .44-.56
Disclosures About Nonrelevant Criteria .57
Disclosures About Significant Changes to the System During the Period .58-.59
Evaluating Description Misstatements Identified During the Examination .60-.67
Considering Whether the Description is Misstated or Otherwise Misleading .68-.69
Obtaining Evidence About the Suitability of the Design of Controls .70-.85
Multiple Controls Are Necessary to Address an Applicable Trust Services Criterion .77-.78
More Than One Control Addresses a Particular Risk .79
Procedures to Obtain Evidence About the Suitability of Design of Controls .80-.85
Evaluating Deficiencies in the Suitability of Design of Controls .86-.88
Obtaining Evidence About the Operating Effectiveness of Controls .89-.94
Designing and Performing Tests of Controls .91-.94
Nature of Tests of Controls .95-.110
Testing Review Controls .101-.102
Evaluating the Reliability of Information Produced by the Entity .103-.110
Timing of Tests of Controls .111-.112
Extent of Tests of Controls .113-.118
Testing Superseded Controls .119-.120
Using Sampling to Select Items to Be Tested .121-.125
Selecting Items to Be Tested .124-.125
Additional Risk Considerations Related to Suppliers and Business Partners .126-.136
Controls That Suppliers Expect the Entity to Implement .126-.131
Entity Controls for Addressing Supplier Risks .132-.133
Complementary Supplier Controls .134-.136
Considering Controls That Did Not Need to Operate During the Period Covered by the Examination .137
Identifying and Evaluating Deviations in the Effectiveness of Controls .138-.142
Materiality Considerations When Evaluating Deficiencies in the Effectiveness of Controls .143-.146
Using the Work of the Internal Audit Function .147-.153
Using the Work of a Practitioner’s Specialist .154-.157
Revising the Risk Assessment .158-.162
Evaluating the Sufficiency and Appropriateness of Evidence .159-.160
Evaluating the Results of Procedures .161-.162
Responding to and Communicating Known and Suspected Fraud, Noncompliance With Laws or Regulations, Uncorrected Misstatements, and Deficiencies in the Effectiveness of Controls .163-.169
Known or Suspected Fraud or Noncompliance With Laws or Regulations .163-.165
Communicating Incidents of Known or Suspected Fraud, Noncompliance With Laws or Regulations, Uncorrected Misstatements, or Internal Control Deficiencies .166-.169
Obtaining Written Representations .170-.183
Requested Written Representations Not Provided or Not Reliable .180-.181
Engaging Party is Not the Responsible Party .182
Representations From the Engaging Party When It is Not the Responsible Party .183
Subsequent Events and Subsequently Discovered Facts .184-.191
Subsequent Events Unlikely to Have an Effect on the Practitioner’s Report .191
Documentation .192-.196
Considering Whether Entity Management Should Modify Its Assertion .197-.199

4 Forming the Opinion and Preparing the Practitioner’s Report .01-.91

Responsibilities of the Practitioner .01-.05
Forming the Practitioner’s Opinion .06-.15
Concluding on the Sufficiency and Appropriateness of Evidence .08-.13
Expressing an Opinion on Each of the Subject Matters in the SOC for Supply Chain Examination .14-.15
Describing Tests of Controls and Results of Tests in the Practitioner’s Report .16-.28
Describing Tests of Controls and Results When Using the Internal Audit Function .24-.26
Describing Tests of the Reliability of Information Produced by the Entity .27-.28
Preparing the Practitioner’s SOC for Supply Chain Report .29-.40
Elements of the Practitioner’s Report .29
Restricting the Use of the Practitioner’s Report .30-.31
Reporting When There Are Complementary Customer Controls .32-.35
Reporting When There Are Complementary Supplier Controls .36-.40
Reporting When the Practitioner Assumes Responsibility for the Work of an Other Practitioner .41
Modifications to the Practitioner’s Opinion .42-.67
Qualified Opinion .50-.51
Adverse Opinion .52-.56
Scope Limitation .57-.61
Disclaimer of Opinion .62-.67
Report Paragraphs Describing the Matter Giving Rise to the Modification .68-.76
Illustrative Separate Paragraphs When There Are Material Misstatements in the Description .68-.73
Illustrative Separate Paragraph: Material Deficiencies in the Effectiveness of Controls .74-.76
Other Matters Related to the Practitioner’s Report .77-.80
Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs .77-.78
Distribution of the Report by Management .79-.80
Practitioner’s Recommendations for Improving Controls .81
Other Information Not Covered by the Practitioner’s Report .82-.86
Illustrative Report .87-.88
Preparing a SOC for Supply Chain Report in a Design-Only Examination .89-.91

Supplement

A 2020 Description Criteria for a Description of an Entity’s Production, Manufacturing, or Distribution System in a SOC for Supply Chain Report
B 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

Appendix

A Information for Entity Management
B Comparison of SOC for Supply Chain, SOC 2®, and SOC for Cybersecurity Examinations and Related Reports
C Illustrative Management Assertion in a SOC for Supply Chain Examination
D Illustrative Accountant’s Report for a SOC for Supply Chain Examination
E Illustrative SOC for Supply Chain Report (Including Entity Management’s Assertion, Accountant’s Report, and Illustrative Description of the System)
F Definitions
G Overview of Statements on Quality Control Standards

Index of Pronouncements and Other Technical Guidance
Subject Index
The American Institute of CPAs (AICPA) is the world's largest member association representing the CPA profession, with more than 429,000 members in the United States and worldwide, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education, and consulting. The AICPA sets ethical standards for its members and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA examination, offers specialized credentials, builds the pipeline of future talent and drives professional competency development to advance the vitality, relevance and quality of the profession.
