This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice ( for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Audit and assurance alert: SOC 1 and SOC 2 issues arising from COVID-19

Published on: May 31, 2020

This alert raises awareness about the issues arising from COVID-19 related to performing the following engagements:

  • SOC 1: Reporting on controls at a service organization relevant to the user entities' financial statements
  • SOC 2: Reporting on controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy.

The American Institute of Certified Public Accountants (AICPA) has prepared a list of representative FAQs and topics to aid practitioners as they perform SOC 1 and SOC 2 engagements in these uncertain times. This non-authoritative guidance has been adapted from the AICPA guidance to reflect Canadian standards and terminology.

Topics include:

  • performing procedures remotely
  • going concern issues
  • subsequent events
  • management representation letters
  • subservice organizations


Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.