Skip to content
Log in

Type II report

Definition

An attestation report that provides an auditor's opinion on both the suitability of design and the operating effectiveness of controls over a specified period, typically six to twelve months. The auditor performs testing throughout the period.

Related terms

Complementary User Entity Controls (CUECs)
Controls that the service organisation's system design assumes the user entity will implement. Listed in the SOC 2 report. If the user...
SOC 1 (SSAE 18)
A report on controls at a service organisation that are relevant to user entities' financial statements. Governed by Statement on Standards for...
SOC 2
A report on controls relevant to the AICPA's Trust Service Criteria. Produced under the AT-C 205 attestation standard. Covers Security (mandatory) plus...
Trust Service Criteria (TSC)
The five criteria used to evaluate controls in a SOC 2 engagement: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The criteria are...
Type I report
An attestation report that provides an auditor's opinion on whether controls are suitably designed to meet the stated control objectives, assessed at...

Explained in

  • SOC Reports and Third-Party AssuranceAn attestation report that provides an auditor's opinion on both the suitability of design and the operating effectiveness of controls over a specified period,...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account