What must auditors agree on when planning SOC engagements?

In planning System and Organization Controls (SOC) engagements, auditors must agree on the engagement terms. This includes defining the scope, objectives, responsibilities, and deliverables of the audit, ensuring that both the auditor and the client have a mutual understanding of what will be assessed and reported on. Clear engagement terms help to outline how the audit will be conducted, what standards will be applied, the timelines involved, and the expectations from both parties. Establishing these terms from the outset is crucial for the effectiveness of the audit process and helps in managing the relationship throughout the engagement.

Other aspects such as materiality thresholds, risk assessment procedures, and independence standards are also important in the context of audits but do not serve as the initial agreements necessary to start the planning phase. These elements can be determined as part of the audit execution process once the engagement terms are established.