Back

Include discussions about how particular situations will be handled in the opening meeting.


CONTROL ID
15254
CONTROL TYPE
Audits and Risk Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an audit program., CC ID: 00684

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • the method of reporting audit findings including criteria for grading, if any; (§ 6.4.3 ¶ 7 Bullet 1, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • conditions under which the audit may be terminated; (§ 6.4.3 ¶ 7 Bullet 2, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • how to deal with possible findings during the audit; (§ 6.4.3 ¶ 7 Bullet 3, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • any system for feedback from the auditee on the findings or conclusions of the audit, including complaints or appeals. (§ 6.4.3 ¶ 7 Bullet 4, ISO 19011:2018, Guidelines for auditing management systems, Third edition)
  • Management's assertion is included in the SOC 2 report along with the description and the service auditor's report. Because of the important role that the assertion plays in the engagement, it may be useful for the service auditor to provide management with an example of a written assertion prior to… (¶ 2.73, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • Service organization management is also required to provide the service auditor with written representations at the conclusion of the engagement. It may be useful for the service auditor to provide management with an example of the types of expected representations prior to engagement acceptance. Il… (¶ 2.75, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)