Transitioning from SAS 70 to SSAE 16
- Garey Cunningham
- 6 years ago
1 Industry Webinar Series
(Graphic: SAS 70 ENDS, EXIT TO SSAE 16)
Transitioning from SAS 70 to SSAE 16: How Does This Apply to Your Organization?
Cindy Boyle, Partner
Rodney Walsh, Director
BKD IT Risk Services
2 Agenda
- Service Organizations
- User Organizations
- Background
- Similarities
- Key Differences
- Transition Planning
- Conclusion
- Questions
3 Service Organizations
- Service Organization: provider of services that may impact a user's (client's) financial reporting
- Such as:
  - data centers
  - transaction/claims processing centers
  - application service providers
  - bank processing centers
- Service auditor issues an opinion on a service organization's description of controls
4 User Organizations
- Users of the Service Organization: typically considered your members or clients
- User Auditor (i.e., your client's auditor) is auditing the financial statements of your client
- SAS 70: assurance regarding Service Organization's controls
5 Background
- Statement on Auditing Standards No. 70 (SAS 70) issued in the early 90s
- International Standards: two new standards
  - International Standard on Assurance Engagements 3402 (ISAE 3402)
  - The closely related U.S. Statement on Standards for Attestation Engagements 16 (SSAE 16) by the AICPA
- SSAE 16 will supersede SAS 70 beginning with reporting periods ending on or after June 15, 2011
6 Similarities
- SSAE 16 continues the focus on controls likely to be relevant to their user entities' internal control over financial reporting (ICFR)
- SSAE 16 will have Type 1 and Type 2 reports similar in scope to the current SAS 70 reports
- The format of the reports will not be significantly different
7 Similarities
- Narrative description of controls: basis for new description of the system
- Subservice organizations
  - Included (inclusive method)
  - Excluded (carve-out method)
- Intended users of the report
  - Service organization's management
  - Users
  - User auditors
8 Key Differences: SAS vs. SSAE
- Attest standard, not an audit standard
- Consistency with international standards and existing attestation standards
- Increased focus on service organizations with services relevant to a user organization's internal control over financial reporting (ICFR)
- Reference to AT101 Attest Engagements for service organizations without ICFR relevance
9 Key Differences: Management Assertion
- A Management Assertion will be included in or attached to the SSAE 16 report
- States the system is
  - Fairly represented
  - Suitably designed and implemented
- The related controls were suitably designed to achieve the stated control
- That the controls operated effectively throughout the period (for a Type 2 report)
- Subservice organizations must provide a similar assertion when the inclusive method is used
10 Key Differences: Management Assertion
The report will reference that management is responsible for
- Preparing the system description
- Providing the stated services
- Specifying the control objectives
- Identifying the risks
- Selecting and stating the criteria for the assertion (e.g., monitoring activities)
- Designing, implementing and documenting controls that are suitably designed and operating effectively
11 Key Differences: Auditor's Opinion vs. Management Assertion
- Auditor's Opinion remains in the role of providing assurance regarding management's assertions
- Auditor is not the entity responsible for the communication
12 Key Differences: System Description
- Currently a narrative description of controls
- Management must prepare a written description of the system
- More inclusive than it has been for many organizations and many CPA firms
- For inclusive subservice organizations, include their
  - Related control objectives
  - Related controls
13 Key Differences: System Description
Components common to existing Descriptions of Controls
- Services covered
- Period covered
- Control objectives and related controls
- Complementary user controls
14 Key Differences: System Description
Additional elements for the Description of the System
- Classes of transactions and details on related procedures and accounting records
- The capturing and addressing of significant events other than transactions
- Report preparation processes
- Other relevant aspects of the organization's
  - Control environment
  - Risk assessment process
  - Information and communication systems
  - Control activities and monitoring controls
15 Key Differences: Risks
Management should
- Identify the risks that threaten the achievement of the stated services
- Identify the risks that threaten the achievement of the stated control objectives
- Evaluate whether the identified controls sufficiently address the risks to achieving the control objectives
(Diagram labels: Risks to Services Control Objectives Risks to Control Objectives Control Activities)
16 Other Key Differences
- Service auditor must disclose reliance on internal audit
- Conforming changes to service auditor opinion
17 Transition Planning: Action Items for Service Providers
18 Transition Planning
- Promote current year awareness and improvements
- Determine effective date for your organization
- Follow up with specific readiness effort this fall or early Q1
19 Transition Planning: Develop a Communication Plan
- Within your organization
- To your clients
- Client Internal Audit/Risk Management (i.e., other users of the report)
- Marketing material
- Web pages
- Contractual references
20 Transition Planning: Review Scope
- Included/excluded services
- Services that impact your client's financial reporting
- Key third parties (sub-service organizations)
  - Identify all relevant 3rd party service organizations
  - Existence and use of their SAS 70/SSAE 16
  - Commitments from 3rd party relative to carve out or inclusive method
  - Contractual/SLA impacts
21 Transition Planning: Review System Description
- Services
- Scope
- Third parties (inclusive or carve out)
- Risks
- Objectives
- Controls
22 Transition Planning: Assess Control Design
- Risk based
- Will impact control objectives
- Will impact supporting control activities
- Consider current SOX or other compliance efforts/governance models and efforts
23 Transition Planning: Consider Management Assertion
- Review basis for assertion
- Review sufficiency of current monitoring processes
- Need for direct testing of controls not sufficiently monitored
24 In Conclusion
- Develop a project plan
- Assign responsibilities
- Monitor the plan
- We are ready to assist
  - Planning assistance
  - Review of scope and 3rd parties
  - Risk Approaches
  - Samples/Formats
25 Thank You
Cindy Boyle, CPA, CFIRS, CIA, Partner
Rodney Walsh, CGEIT, Director