您的购物车中没有商品。

SOC for Supply Chain: Reporting on an Examination of Controls Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy in a Production, Manufacturing, or Distribution System, 2020

SOC for Supply Chain: Reporting on an Examination of Controls Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy in a Production, Manufacturing, or Distribution System, 2020

  • 作者:
  • 出版商: John Wiley & Sons
  • ISBN: 9781948306959
  • 出版时间 May 2020
  • 规格: Paperback , 368 pages
  • 适应领域: International ? 免责申明:
    Countri(es) stated herein are used as reference only

List Price: ¥1,222.00

¥1,185.34 Save ¥36.66 (3%)

发货时间:大约 4-5 weeks
Extra 2-10 working days if shipping address outside Hong Kong
Free delivery Hong Kong?
Hong Kong: free delivery (order over HKD 1000)
  • 描述 
  • 大纲 
  • 作者 
  • 详细

    Internal and external forces such as globalization, global interconnectivity, automation, and other technological advancements are making today’s supply chains highly sophisticated and complex. For organizations that produce, manufacture or distribute products, there’s often a high level of interdependence and connectivity with their suppliers and their customers and business partners.

    Although the interconnectedness of these organizations can be beneficial (increased revenues, expanded market opportunities, and cost reduction), the ability of organizations to meet their goals is often increasingly dependent on events, processes, and controls that are not visible and are often beyond their control – such as a supplier’s controls. That’s why the demand for transparency in supply chains is now higher than ever before, and why this is the perfect time for you to help organizations assess their supply chain risks, evaluate the system controls within their manufacturing, production, or distribution systems, and communicate their supply chain management efforts to those with whom they do business.

    Accountants and financial managers can also increase the credibility of the supply chain information communicated by the organization by providing an opinion on the organization’s supply chain efforts. This guide enables the accountant and financial manager to examine and report on the description of a system for manufacturing, producing and distributing goods as well as on the controls within that system using a dynamic, proactive, and agile approach. It will show how to conduct this examination in accordance with the attestation standards. The guide may also be helpful when providing readiness assessments to clients, who are not quite ready for an examination level service and need help to get there.

    The guide also includes excerpts from the two distinct, but complementary sets of criteria developed by the AICPA to assist practitioners with SOC for Supply Chain engagements: the description criteria and the 2017 trust services criteria.

  • 1 Introduction and Background .01-.75

    Introduction .01-.09

    Intended Users of a SOC for Supply Chain Report .10-.16

    Overview of a SOC for Supply Chain Examination .17-.19

    Contents of the SOC for Supply Chain Report .20-.21

    Defining the System to Be Examined .22-.34

    The Entity’s System Objectives and Principal System Objectives .27-.28

    Selecting the Trust Services Category or Categories to Be Addressed by the Examination .29-.33

    Determining the Time Frame for the Examination .34

    Other Engagement Considerations .35-.41

    Considerations for Entities That Distribute Products .35-.38

    Considerations for Entities That Bundle Services With Their Products .39-.40

    Considerations for a Design-Only Examination .41

    Matters Not Addressed by a SOC for Supply Chain Examination .42-.43

    Criteria for a SOC for Supply Chain Examination .44-.62

    Description Criteria .45-.47

    Trust Services Criteria .48-.58

    Evaluating the Entity’s Principal System Objectives .59-.62

    The Practitioner’s Opinion in a SOC for Supply Chain Examination .63-.65

    Other Types of SOC Examinations: SOC Suite of Services .66

    Professional Standards .67-.74

    Attestation Standards .68-.70

    Code of Professional Conduct .71

    Quality in the SOC for Supply Chain Examination .72-.74

    Definitions .75

    2 Accepting and Planning a SOC for Supply Chain Examination .01-.154

    Introduction .01-.02

    Understanding Entity Management’s Responsibilities .03-.10

    Entity Management’s Responsibilities Prior to Engaging the Practitioner .04-.07

    Entity Management’s Responsibilities During the Examination .08-.09

    Entity Management’s Responsibilities During Engagement Completion .10

    Responsibilities of the Practitioner .11

    Engagement Acceptance and Continuance .12-.15

    Independence .16-.19

    Competence of Engagement Team Members .20-.24

    Preconditions of the Engagement .25-.49

    Determining the Appropriateness of the Subject Matter .26-.27

    Identifying the Components of the System to be Examined .28-.30

    Determining the Boundaries of the System Being Examined .31-.38

    Determining Whether Entity Management is Likely to Have a Reasonable Basis for Its Assertion .39-.43

    Assessing the Suitability and Availability of Criteria .44

    Determining Whether the Entity’s Principal System Objectives Are Reasonable in the Circumstances .45-.49

    Requesting a Written Assertion and Representations From Entity Management .50-.54

    Agreeing on the Terms of the Engagement .55-.64

    Accepting a Change in the Terms of the Examination .60-.64

    Establishing an Overall Examination Strategy for and Planning the Examination .65-.69

    Performing Risk Assessment Procedures .70-.106

    Obtaining an Understanding of the Description of the Entity’s System and Control Effectiveness .71-.83

    Assessing the Risks of Material Misstatement .84-.95

    Considering Materiality During Planning .96-.106

    Considering Entity-Level Controls .107-.111

    Understanding the Internal Audit Function .112-.119

    Planning to Use the Work of a Practitioner’s Specialist .120-.126

    Identifying Customer Responsibilities and Complementary Customer Controls .127-.133

    Identifying Suppliers and Complementary Supplier Controls .134-.150

    Suppliers Whose Controls Are Necessary for the Entity to Achieve Its Principal System Objectives .134-.135

    Complementary Supplier Controls .136-.141

    Using the Inclusive Method .142-.150

    Planning to Use the Work of an Other Practitioner .151-.154

    3 Performing the SOC for Supply Chain Examination .01-.199

    Introduction .01

    Designing Overall Responses to the Risk Assessment .02-.03

    Designing and Performing Procedures .04

    Obtaining Evidence About Whether the Description Presents the System That Was Designed and Implemented in Accordance With the Description Criteria .05-.59

    Disclosures Related to the Types of Goods Produced, Manufactured, or Distributed .17-.18

    Disclosures About the Entity’s Principal System Objectives .19-.24

    Disclosures About System Incidents .25-.28

    Disclosures About Risks That May Have a Significant Effect on the Entity’s Production, Manufacturing, or Distribution .29-.30

    Disclosures About Inputs to and Components of the System .31-.32

    Disclosures About Individual Controls and the Applicable Trust Services Criteria .33-.41

    Disclosures About Complementary Customer Controls .42-.43

    Disclosures Related to Complementary Supplier Controls .44-.56

    Disclosures About Nonrelevant Criteria .57

    Disclosures About Significant Changes to the System During the Period .58-.59

    Evaluating Description Misstatements Identified During the Examination .60-.67

    Considering Whether the Description is Misstated or Otherwise Misleading .68-.69

    Obtaining Evidence About the Suitability of the Design of Controls .70-.85

    Multiple Controls Are Necessary to Address an Applicable Trust Services Criterion .77-.78

    More Than One Control Addresses a Particular Risk .79

    Procedures to Obtain Evidence About the Suitability of Design of Controls .80-.85

    Evaluating Deficiencies in the Suitability of Design of Controls .86-.88

    Obtaining Evidence About the Operating Effectiveness of Controls .89-.94

    Designing and Performing Tests of Controls .91-.94

    Nature of Tests of Controls .95-.110

    Testing Review Controls .101-.102

    Evaluating the Reliability of Information Produced by the Entity .103-.110

    Timing of Tests of Controls .111-.112

    Extent of Tests of Controls .113-.118

    Testing Superseded Controls .119-.120

    Using Sampling to Select Items to Be Tested .121-.125

    Selecting Items to Be Tested .124-.125

    Additional Risk Considerations Related to Suppliers and Business Partners .126-.136

    Controls That Suppliers Expect the Entity to Implement .126-.131

    Entity Controls for Addressing Supplier Risks .132-.133

    Complementary Supplier Controls .134-.136

    Considering Controls That Did Not Need to Operate During the Period Covered by the Examination .137

    Identifying and Evaluating Deviations in the Effectiveness of Controls .138-.142

    Materiality Considerations When Evaluating Deficiencies in the Effectiveness of Controls .143-.146

    Using the Work of the Internal Audit Function .147-.153

    Using the Work of a Practitioner’s Specialist .154-.157

    Revising the Risk Assessment .158-.162

    Evaluating the Sufficiency and Appropriateness of Evidence .159-.160

    Evaluating the Results of Procedures .161-.162

    Responding to and Communicating Known and Suspected Fraud, Noncompliance With Laws or Regulations, Uncorrected Misstatements, and Deficiencies in the Effectiveness of Controls .163-.169

    Known or Suspected Fraud or Noncompliance With Laws or Regulations .163-.165

    Communicating Incidents of Known or Suspected Fraud, Noncompliance With Laws or Regulations, Uncorrected Misstatements, or Internal Control Deficiencies .166-.169

    Obtaining Written Representations .170-.183

    Requested Written Representations Not Provided or Not Reliable .180-.181

    Engaging Party is Not the Responsible Party .182

    Representations From the Engaging Party When It is Not the Responsible Party .183

    Subsequent Events and Subsequently Discovered Facts .184-.191

    Subsequent Events Unlikely to Have an Effect on the Practitioner’s Report .191

    Documentation .192-.196

    Considering Whether Entity Management Should Modify Its Assertion .197-.199

    4 Forming the Opinion and Preparing the Practitioner’s Report .01-.91

    Responsibilities of the Practitioner .01-.05

    Forming the Practitioner’s Opinion .06-.15

    Concluding on the Sufficiency and Appropriateness of Evidence .08-.13

    Expressing an Opinion on Each of the Subject Matters in the SOC for Supply Chain Examination .14-.15

    Describing Tests of Controls and Results of Tests in the Practitioner’s Report .16-.28

    Describing Tests of Controls and Results When Using the Internal Audit Function .24-.26

    Describing Tests of the Reliability of Information Produced by the Entity .27-.28

    Preparing the Practitioner’s SOC for Supply Chain Report .29-.40

    Elements of the Practitioner’s Report .29

    Restricting the Use of the Practitioner’s Report .30-.31

    Reporting When There Are Complementary Customer Controls .32-.35

    Reporting When There Are Complementary Supplier Controls .36-.40

    Reporting When the Practitioner Assumes Responsibility for the Work of an Other Practitioner .41

    Modifications to the Practitioner’s Opinion .42-.67

    Qualified Opinion .50-.51

    Adverse Opinion .52-.56

    Scope Limitation .57-.61

    Disclaimer of Opinion .62-.67

    Report Paragraphs Describing the Matter Giving Rise to the Modification .68-.76

    Illustrative Separate Paragraphs When There Are Material Misstatements in the Description .68-.73

    Illustrative Separate Paragraph: Material Deficiencies in the Effectiveness of Controls .74-.76

    Other Matters Related to the Practitioner’s Report .77-.80

    Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs .77-.78

    Distribution of the Report by Management .79-.80

    Practitioner’s Recommendations for Improving Controls .81

    Other Information Not Covered by the Practitioner’s Report .82-.86

    Illustrative Report .87-.88

    Preparing a SOC for Supply Chain Report in a Design-Only Examination .89-.91

    Supplement

    A 2020 Description Criteria for a Description of an Entity’s Production, Manufacturing, or Distribution System in a SOC for Supply Chain Report

    B 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy

    Appendix

    A Information for Entity Management

    B Comparison of SOC for Supply Chain, SOC 2®, and SOC for Cybersecurity Examinations and Related Reports

    C Illustrative Management Assertion in a SOC for Supply Chain Examination

    D Illustrative Accountant’s Report for a SOC for Supply Chain Examination

    E Illustrative SOC for Supply Chain Report (Including Entity Management’s Assertion, Accountant’s Report, and Illustrative Description of the System)

    F Definitions

    G Overview of Statements on Quality Control Standards

    Index of Pronouncements and Other Technical Guidance

    Subject Index

  • The American Institute of CPAs (AICPA) is the world's largest member association representing the CPA profession, with more than 429,000 members in the United States and worldwide, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education, and consulting. The AICPA sets ethical standards for its members and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA examination, offers specialized credentials, builds the pipeline of future talent and drives professional competency development to advance the vitality, relevance and quality of the procession.

你可能需要

Drafting Employment Documents for Expatriates, 2nd Edition
Drafting Employment Documents for Expatriates, 2nd Edition

List Price: ¥1,879.25

¥1,822.87 Save ¥56.38 (3%)

How to Lead a Values-Based Professional Services Firm: 3 Keys to Unlock Purpose and Profit
How to Lead a Values-Based Professional Services Firm: 3 Keys to Unlock Purpose and Profit

List Price: ¥376.00

¥364.72 Save ¥11.28 (3%)

Armstrong's Handbook of Human Resource Management Practice, 16th Edition
Armstrong's Handbook of Human Resource Management Practice, 16th Edition

List Price: ¥587.50

¥569.88 Save ¥17.63 (3%)

Individual Income Tax Planning for Expatriates in China, 6th Edition
Individual Income Tax Planning for Expatriates in China, 6th Edition

List Price: ¥1,203.20

¥601.60 Save ¥601.60 (50%)

Hong Kong Employment Law: A Practical Guide, 5th Edition
Hong Kong Employment Law: A Practical Guide, 5th Edition

List Price: ¥1,410.00

¥1,367.70 Save ¥42.30 (3%)

The Employee Experience: How to Attract Talent, Retain Top Performers, and Drive Results
The Employee Experience: How to Attract Talent, Retain Top Performers, and Drive Results

List Price: ¥263.20

¥255.30 Save ¥7.90 (3%)

Butterworths Employment Law Handbook 2024
Butterworths Employment Law Handbook 2024

List Price: ¥3,724.94

¥3,613.19 Save ¥111.75 (3%)

Hiring Greatness: How to Recruit Your Dream Team and Crush the Competition
Hiring Greatness: How to Recruit Your Dream Team and Crush the Competition

List Price: ¥253.80

¥246.19 Save ¥7.61 (3%)

Employees' Intellectual Property Rights, 2nd Edition
Employees' Intellectual Property Rights, 2nd Edition

List Price: ¥1,739.00

¥1,686.83 Save ¥52.17 (3%)

Employment Law and Practice in Hong Kong, 2nd Edition (Hardcopy + e-book)
Employment Law and Practice in Hong Kong, 2nd Edition (Hardcopy + e-book)

List Price: ¥4,418.94

¥4,286.37 Save ¥132.57 (3%)

International Employment Law Disputes
International Employment Law Disputes

List Price: ¥1,974.00

¥1,914.78 Save ¥59.22 (3%)

Settlement of Individual Employment Disputes
Settlement of Individual Employment Disputes

List Price: ¥1,398.25

¥1,356.31 Save ¥41.94 (3%)

Developing Human Capital
Developing Human Capital

List Price: ¥564.00

¥547.08 Save ¥16.92 (3%)

Managing Employment Relations, 7th Edition
Managing Employment Relations, 7th Edition

List Price: ¥564.00

¥547.08 Save ¥16.92 (3%)

Performance Management
Performance Management

List Price: ¥293.75

¥46.06 Save ¥247.69 (84%)