WHICH SOC REPORT IS RIGHT FOR YOUR CLIENT?


Slide 1: CPAs & ADVISORS STRATEGIC ALLIANCE WEBINAR SERIES
WHICH SOC REPORT IS RIGHT FOR YOUR CLIENT?
June 20, 2017
Cindy Boyle

TO RECEIVE CPE CREDIT
- Participate in entire webinar
- Answer polls when they are provided
- If you are viewing this webinar in a group, complete the group attendance form with: title & date of live webinar; your company name; your printed name, signature & address
- All group attendance sheets must be submitted to training@bkd.com within 24 hours of live webinar
- If all eligibility requirements are met, each participant will be e-mailed their CPE certificates within 15 business days of live webinar

Slide 2: PRESENTERS
- Jason Jobgen, Director, Alliance Services
- Cindy Boyle, Partner, IT Risk Services

Slide 3: AGENDA
- Common Terminology
- Types of Reports
- Recent Changes
- Questions?

Slide 4: COMMON TERMINOLOGY
- Service organization: performs services outsourced by companies/auditee
- Service auditor (or practitioner): CPA who examines & reports on controls at a service organization
- Users: typically considered clients of the service organization
- User auditor: CPA who performs an audit on the user's financial statements
- SOC: "service organization control" reports, but AICPA is moving to "system & organization control" reports, a broader category covering the SOC suite of services
- SOC 2+: will include additional attestations

Slide 5: WHAT ARE SERVICE ORGANIZATIONS?
Service organization: provider of services that may impact a risk to a user's financial reporting or that poses a business or compliance risk. Services such as:
- Cloud computing (SaaS, IaaS, PaaS)
- Managed security providers
- AR/AP/payroll/tax outsourcing
- Core financial IT system processing or hosting
- Customer support
- Health care claims management & processing

TYPES OF REPORTS

Slide 6: PRIMARY TYPES OF REPORTS (information obtained from AICPA.org)

Controls that affect user entities:
- SOC 1: financial statement ICFR
- SOC 2: compliance & operations
- SOC 3: compliance & operations

Use of report:
- SOC 1: restricted
- SOC 2: restricted
- SOC 3: general

AICPA interpretive guidance & reporting vehicle:
- SOC 1: SSAE No. 18 (which includes AT-C section 320); AICPA Guide
- SOC 2: SSAE No. 18 (which includes AT-C section 105 & AT-C section 205); AICPA Guide; TSP section 100; AICPA 2017 Trust Services Criteria
- SOC 3: SSAE No. 18 (which includes AT-C section 105 & AT-C section 205); TSP section 100; AICPA 2017 Trust Services Criteria

Contents of the report:
- SOC 1: description of the service organization's system; management's written assertion; service auditor's report; Type 2 includes a description of tests of controls & results of the tests
- SOC 2: description of the service organization's system; management's written assertion; service auditor's report; Type 2 includes a description of tests of controls & results of the tests
- SOC 3: service auditor's opinion on whether the entity maintained effective controls over its system

Slide 7: SOC 2 REPORTING
Trust Services Principles (TSP) criteria:
- Security (common criteria): system is protected against unauthorized access, use or modification
- Availability: system is available for operation & use as committed or agreed
- Processing Integrity: system processing is complete, valid, accurate, timely & authorized
- Confidentiality: information designated as confidential is protected as committed or agreed
- Privacy: the system's collection, use, retention, disclosure & disposal of personal information is in conformity with the commitments in the entity's privacy notice & with criteria set forth in generally accepted privacy principles issued by AICPA & the Canadian Institute of Chartered Accountants

Slide 8: SOC 3 REPORTING
- Public report
- Very abbreviated report, essentially a "SOC 2 light"
- Assertion & opinion only on suitability of design and operating effectiveness of controls, not on the system description
- No longer has a required seal; there is a SOC logo from AICPA that an organization can display
- Essentially must do a SOC 2 in order to issue a SOC 3
- The SOC 2 report must have an unqualified opinion
- Must cover at least a two-month period

Slide 9: SOC 3 REPORTING (continued)
Currently cannot issue a SOC 3 unqualified opinion if:
- There are carved-out subservice organizations in the SOC 2
- There are significant complementary user-entity controls necessary to achieve the applicable trust services principles criteria

TWO SUB-TYPES OF SOC 1 & SOC 2 REPORTS

Slide 10: SUBTYPES OF REPORTS

TYPE 1
- Reports on fairness of presentation of management's description of the service organization's system
- Suitability of design of controls
- Point-in-time reporting
- May be useful when: the organization is new; understanding of the system & controls is needed; significant changes were recently made; there is insufficient time or history to perform a Type 2

TYPE 2
- Same as Type 1, plus:
- Reports on fairness of presentation, suitability of design & operating effectiveness
- Includes a description of the service auditor's tests of controls & results
- Covers a period of time

Slide 11: REPORTING TO MULTIPLE AUDIENCES
Multiple-report scenarios:
- SOC 1 & SOC 2: services impacting ICFR of the user & other services with TSP concerns
- SOC 2 & SOC 3: services not impacting ICFR & a need to use the report beyond current users, such as marketing to prospects
- SOC 1 & SOC 3: services impacting ICFR of the user & other services with TSP concerns or marketing needs
- Note: these must be separate reports

RECENT CHANGES
- SSAE 18
- SOC for Cybersecurity Engagements

Slide 12: RECENT CHANGES: SSAE 18
- Subservice organizations
- Significant changes to service organization management responsibility
- Service auditor changes

SUBSERVICE ORGANIZATIONS
- Introduces complementary subservice organization controls (CSOC)
- Service organization must identify risks that subservice organization controls are not in place
- Service auditor must consider CSOC as part of the risk assessment process & assess how management addressed the risks

Slide 13: SIGNIFICANT CHANGES TO SERVICE ORGANIZATION MANAGEMENT RESPONSIBILITY
- Previously, the service auditor identified risks; now they are to obtain an understanding of how management identified risks
- Previously, the service auditor was to determine which controls were necessary; now they are to understand which controls are necessary
- Emphasizes service organization management's responsibility for the narrative, objectives & controls

SERVICE AUDITOR CHANGES
- Service auditor is now required to understand internal audit's role in the service organization's system
- Must obtain evidence of the accuracy & completeness of information, such as populations
- Service auditor must more clearly define the intended users of the report

Slide 14: RECENT CHANGES: SOC FOR CYBERSECURITY ENGAGEMENTS
- AICPA Guide, June 1, 2017: "Reporting on an Entity's Cybersecurity Risk Management Program & Controls"
- In a cybersecurity risk management examination, the practitioner opines on: (a) management's description of the entity's cybersecurity risk management program & (b) effectiveness of controls within that program to achieve the entity's cybersecurity objectives
- Examination results in issuance of a general-use cybersecurity report designed to meet the needs of a variety of potential users

UNDER DEVELOPMENT: SOC FOR VENDOR SUPPLY CHAINS
- An internal controls report on a vendor's manufacturing processes, for customers of manufacturers & distributors to better understand the cybersecurity risk in their supply chains

Slide 15: PEER REVIEW
SOC exams are now required selections

Slide 16
BKD, LLP is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

The information contained in these slides is presented by professionals for your information only. Applying specific information to your situation requires careful consideration of facts & circumstances. Consult your BKD advisor before acting on any matters covered herein or in these seminars.

CPE CREDIT
- CPE credit may be awarded upon verification of participant attendance
- For questions, concerns or comments regarding CPE credit, please contact the BKD Learning & Development Department at training@bkd.com

Slide 17: THANK YOU
FOR MORE INFORMATION // For a complete list of our offices & subsidiaries, visit bkd.com or contact:
Cindy Boyle, CPA, CIA, CITP, CISA // Partner // cboyle@bkd.com


More information

Article II - Standards Section V - Continuing Education Requirements

Article II - Standards Section V - Continuing Education Requirements Article II - Standards Section V - Continuing Education Requirements 2.5.1 CONTINUING PROFESSIONAL EDUCATION Internal auditors are responsible for maintaining their knowledge and skills. They should update

More information

Memphis Chapter. President s Message. This annual event is designed to provide students with a

Memphis Chapter. President s Message. This annual event is designed to provide students with a Memphis Chapter F E B R U A R Y 2 0 1 5 Remember: Update your IIA profile for the most up-to-date news. RSVP for the Annual Student Day February 24, 2015 This annual event is designed to provide students

More information

Audit and Assurance Overview

Audit and Assurance Overview Chartered Professional Accountants of Canada, CPA Canada, CPA are trademarks and/or certification marks of the Chartered Professional Accountants of Canada. 2018, Chartered Professional Accountants of

More information

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research. CONTENTS i. INTRODUCTION 3 ii. OVERVIEW SPECIFICATION PROTOCOL DOCUMENT DEVELOPMENT PROCESS 4 1. SCOPE 5 2. DEFINITIONS 5 3. REFERENCES 6 4. MANAGEMENT STANDARDS FOR APPROVED CERTIFICATION BODIES 6 4.1

More information

Continuing Professional Education Policy: Requirements for Certification and Qualification Programs. (formerly known as Administrative Directive #4)

Continuing Professional Education Policy: Requirements for Certification and Qualification Programs. (formerly known as Administrative Directive #4) Continuing Professional Education Policy: Requirements for Certification and Qualification Programs (formerly known as Administrative Directive #4) IIA Professional Certification Board November 2017 Contents

More information

INCREASE YOUR CHANCES OF PASSING THE CIA EXAM

INCREASE YOUR CHANCES OF PASSING THE CIA EXAM INCREASE YOUR CHANCES OF PASSING THE CIA EXAM Sherri Lee Manager, Global Certifications, The IIA Daniel Lebel, CPA, CMA, CIA, CCSA, CFSA, CGAP, CRMA Chief Audit Executive, University of Quebec in Montreal

More information

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &

More information

HITRUST CSF: One Framework

HITRUST CSF: One Framework HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach

More information

Addressing Cybersecurity Risk

Addressing Cybersecurity Risk The CPA s Role in Addressing Cybersecurity Risk How the Auditing Profession Promotes Cybersecurity Resilience MAY 2017 Contents 1. EXECUTIVE SUMMARY 1 2. THE LANDSCAPE OF CYBERSECURITY RISK 3 The Need

More information

Master the Audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001

Master the Audit of Information Security Management Systems (ISMS) based on ISO/IEC 27001 Master the Audit of Systems (ISMS) based on ISO/IEC 27001 Why should you attend? Auditor training enables you to develop the necessary expertise to perform an System (ISMS) audit by applying widely recognized

More information

Information Security Officer (ISO) Education

Information Security Officer (ISO) Education Information Security Officer (ISO) Education October 16, 2018 TBA Barrett Training Center Nashville, Tenn. Information Security Officer (ISO) Education October 16, 2018 TBA Barrett Training Center Nashville,

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification 2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification Presenters Jared Hamilton CISSP CCSK, CCSFP, MCSE:S Healthcare Cybersecurity Leader, Crowe Horwath Erika Del Giudice CISA, CRISC,

More information

Chain of Custody Policy. July, 2015

Chain of Custody Policy. July, 2015 July, 2015 Copies of this document are available for free in electronic format at the following website: www.rainforest-alliance.org Please send your comments or suggestions concerning this document to

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses

More information

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers 2017 PORT SECURITY SEMINAR & EXPO ISACA/CISM Information Security Management Training for Security Directors/Managers Agenda Introduction ISACA Information security vs. cybersecurity CISM certification

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE When Recognition Matters EXAM PREPARATION GUIDE PECB Certified Management System Auditor www.pecb.com The objective of the PECB Certified Management System Auditor examination is to ensure that the candidates

More information

Continuing Professional Education Policy

Continuing Professional Education Policy Continuing Professional Education Policy CSX Practitioner S P E Certified Cybersecurity Practitioner https://cybersecurity.isaca.org Table of Contents MAINTAINING YOUR CSX PRACTITIONER CERTIFICATION...

More information

International Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017

International Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017 3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 25 April 2008 International Auditing and Assurance

More information

CPD ACTIVITY GUIDELINES AND REQUIREMENTS

CPD ACTIVITY GUIDELINES AND REQUIREMENTS Introduction After obtaining the Internal Audit Technician (IAT) and / or Professional Internal Auditor (PIA)* designations, members must maintain their knowledge and skills and stay abreast of improvements

More information

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010 JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor

More information

Ethics for Virginia CPAs

Ethics for Virginia CPAs Ethics for Virginia CPAs Course Instructions and Final Examination Ethics for Virginia CPAs By Colleen Neuharth McClain, CPA CPE Edition Distributed by The CPE Store www.cpestore.com 1-800-910-2755 The

More information

PECB Certified ISO/IEC Lead Auditor

PECB Certified ISO/IEC Lead Auditor When Recognition Matters Lead Auditor 25-29 March 2018 Master the Audit of Rainbow Towers Hotel, Harare Systems (ISMS) based on $1250.00 Who should attend? - Auditors seeking to perform and lead System

More information

APPENDIX B STATEMENT ON STANDARDS FOR CONTINUING PROFESSIONAL EDUCATION (CPE) PROGRAMS

APPENDIX B STATEMENT ON STANDARDS FOR CONTINUING PROFESSIONAL EDUCATION (CPE) PROGRAMS APPENDIX B STATEMENT ON STANDARDS FOR CONTINUING PROFESSIONAL EDUCATION (CPE) PROGRAMS Appendix B-1 STATEMENT ON STANDARDS FOR CONTINUING PROFESSIONAL EDUCATION (CPE) PROGRAMS The following standards are

More information

10/12/17. CPA Alberta Professional and Public Accounting Practice Varied Registration Model CPA FORUM NORTH OCTOBER 23 RD, 2017 JASPER, ALBERTA

10/12/17. CPA Alberta Professional and Public Accounting Practice Varied Registration Model CPA FORUM NORTH OCTOBER 23 RD, 2017 JASPER, ALBERTA CPA Alberta Professional and Public Accounting Practice Varied Registration Model CPA FORUM NORTH OCTOBER 23 RD, 2017 JASPER, ALBERTA Larry Brownoff CPA, CA Director, Professional and Career Services Professional

More information