preparing soc 1 soc 2 or soc 3 reports best practices
play

Preparing SOC 1, SOC 2 or SOC 3 Reports: Best Practices Meeting - PowerPoint PPT Presentation

Dec 22, 2022 •253 likes •842 views

Presenting a live 110 minute teleconference with interactive Q&A Preparing SOC 1, SOC 2 or SOC 3 Reports: Best Practices Meeting Challenges Arising From SSAE 16, ISAE 3402 and Other Service Company Control Standards WEDNESDAY, MARCH 7, 2012

  1. Presenting a live 110 ‐ minute teleconference with interactive Q&A Preparing SOC 1, SOC 2 or SOC 3 Reports: Best Practices Meeting Challenges Arising From SSAE 16, ISAE 3402 and Other Service Company Control Standards WEDNESDAY, MARCH 7, 2012 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Suzanne Nersessian, Director, National Service Organization Controls Reporting, Deloitte & Touche , Boston , , g p g, , David Palmer, Managing Director, KPMG , Chicago Nargiz Yusupova, Manager, P&N Consulting , Baton Rouge, La. Ryan Buckner, Shareholder, BrightLine CPAs & Assoc. , Atlanta For this program, attendees must listen to the audio over the telephone. Please refer to the instructions emailed to the registrant for the dial-in information. Attendees can still view the presentation slides online. If you have any questions, please contact Customer Service at1-800-926-7926 ext. 10 .

  2. Conference Materials If you have not printed the conference materials for this program, please complete the following steps: Click on the + sign next to “Conference Materials” in the middle of the left- • hand column on your screen hand column on your screen. Click on the tab labeled “Handouts” that appears, and there you will see a • PDF of the slides for today's program. Double click on the PDF and a separate page will open. Double click on the PDF and a separate page will open. • Print the slides by clicking on the printer icon. •

  3. Continuing Education Credits FOR LIVE EVENT ONLY Attendees must listen to the audio over the telephone . Attendees can still view the presentation slides online but there is no online audio for this program. Attendees must stay on the line for at least 100 minutes in order to qualify for a full 2 credits of CPE. Attendance is monitored as required by NASBA. Please refer to the instructions emailed to the registrant for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10 . at 1 800 926 7926 ext. 10 .

  4. Tips for Optimal Quality S S ound Qualit y d Q lit For this program, you must listen via the telephone by dialing 1-866-873-1442 and entering your PIN when prompted. There will be no sound over the web co connection. ect o . If you dialed in and have any difficulties during the call, press *0 for assistance. You may also send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. Viewing Qualit y To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again press the F11 key again.

  5. P Preparing SOC 1, SOC 2 or SOC 3 i SOC SOC SOC Reports: Best Practices Seminar March 7, 2012 Suzanne Nersessian, Deloitte & Touche David Palmer, KPMG snersessian@deloitte.com davepalmer@kpmg.com Nargiz Yusupova, P & N Consulting Ryan Buckner, BrightLine CPAs & Assoc. nyusupova@pncpa.com buckner@brightline.com

  6. Today’s Program Introduction To SOC Framework Slide 7 – Slide 10 [S uzanne Nersessian] Slide 11 – Slide 23 SOC 1 Review [S uzanne Nersessian] Slide 24 – Slide 34 SOC 2 Review [David Palmer] SOC 3 Review SOC 3 Review Slide 35 – Slide 46 Slide 35 – Slide 46 [Nargiz Y usupova] Slide 47 – Slide 58 Considerations In Selecting An Attestation Examination [Ryan Buckner]

  7. Suzanne Nersessian, Deloitte & Touche INTRODUCTION TO SOC INTRODUCTION TO SOC FRAMEWORK

  8. B Background: Why The Change k d Wh Th Ch • Original intent of SAS 70 • Growth of service organizations over last 40 years • SAS 70 used in ways that were never intended • SAS 70 became a de fact o global standard SAS 70 became a de fact o global standard. • Convergence of U.S. and international standards 8

  9. Ch Changes In Reporting On Controls I R i O C l I.ISAE 3402 led to the development of SSAE 16. II.SAS 70 split A A. AU 402 AU 402 B. SSAE 16 III.Effective date: Periods ending on or after June 15, 2011. g , Specific to covering internal control over financial reporting IV.AICPA Practitioner Guide: Usable for both standards, and for practitioners and service organizations alike practitioners and service organizations alike V.Allows for the use of the framework/guidance to perform engagements under another standard (e.g., SOC 2) 9

  10. Reporting Standards p g AICPA Service Organization Control (SOC) Reports New Standards & Options d d Service Org Service Org Service Org Control 1 Control 1 Control 2 Control 2 Control 3 Control 3 (SOC 1) (SOC 2) (SOC 3) SSAE16 – Service AT 101 AT 101 auditor guidance auditor guidance General Use Generally Restricted Restricted Use Use Report Report Report (Type I or II Report) (w/ public seal) (Type I or II Report) Purpose: Reports on Purpose: Reports on Purpose: Reports on controls related to controls related to controls for F/S audits compliance or operations compliance or operations Trust Services Principles & Criteria 10

  11. Suzanne Nersessian, Deloitte & Touche SOC 1 REVIEW SOC 1 REVIEW

  12. SOC R SOC 1 Reports: Purpose/Intended Use t P /I t d d U • Purpose To provide user entities and their independent auditors with information and a • CPA’s opinion about controls at the service organization relevant to user entities’ internal control over financial reporting Covers fair presentation, design and operating effectiveness p g p g • • Restricted use report Management of the service organization • User entities of the service organization’s system during some or all of the period • covered by the report (for Type 2 reports) Independent auditors of user entites • • Indirect users • Does not include pot ent ial users • Intended use Report on controls that are likely to be relevant to user entities’ internal controls • over financial reporting For use in a financial statement audit • 12

  13. ISAE 3402 Relationship To SSAE 16: Notable Differences Notable Differences SSAE 16 ISAE 3402 Use of report p Required to include a statement restricting the use of the Required to state that it is only intended for user entities and report to management of the service organization, user their auditors, but does not require inclusion of statement entities of the system and user auditors restricting the use. Does not prohibit the inclusion of restricted use language Intentional acts Service auditor considers impact of intentional acts on the Silent on this requirement description of the system, design and operating effectiveness of controls. Use of internal audit U f i l di Provides for use of internal audit in direct assistance Does not provide for the use of internal audit for direct assistance; however, is being considered for adoption Subsequent events Service auditor to consider Type 2 subsequent events after Service auditor to consider Type 2 subsequent events after Limits the service auditor’s disclosure to those events that Limits the service auditor’s disclosure to those events that the report date could affect their opinion (i.e. a type 1 subsequent event) Deviations/exceptions All exceptions are reported regardless of whether they All exceptions are reported regardless of whether they Enables a service auditor to conclude that a deviation Enables a service auditor to conclude that a deviation affect the opinion. identified when performing tests of controls involving sampling is not representative of the population from which the sample was drawn (anomaly) 13

  14. SAS 70 History: Global Environment l b l • ISAE 3402 - Global • SSAE 16 – U.S. • CSAE 3416 - Canada • CSAE 3416 Canada • DE-IDW PS 951 – Germany • HKSAE 3402 “Assurance Reports on Controls at a Service Organization” – Hong Kong O i ti ” H K • Audit and Assurance Standard (AAF) 1/06 – U.K. • ASAE 3402 “ Assurance Reports on Controls at a Service O Organization” - Australia i ti ” A t li 14

  15. Notable Changes From SAS 70 To SSAE 16 15

  16. Notable Changes From SAS 70 To SSAE 16 (Cont.) 16

  17. Key Change: Management’s Assertion • Management is required to provide a written assertion . o It can be included as a separate section of the report, or o The assertion can be part of the description of the system – appropriately identified as the assertion. o Assertion most often (and recommended to be) on company letterhead Key components of management’s assertion: • o The description of the system fairly presents the system that was designed and implemented throughout the specified period o The controls were suitably designed to achieve the control objectives throughout the specified period, including identifying the risks that threaten the achievement of the control objectives. o The controls operated effectively throughout the period to achieve those control objectives. t l bj ti 17

  18. Key Change: Management’s Assertion (Cont.) • Signing the assertion o No requirement to sign o However most currently issued reports have been signed o However, most currently issued reports have been signed. o May be signed by company or by individuals (most have been individuals) 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Best Practices Preparing for a Shutdown: A Contractors Perspective Presented to: June 25,

Best Practices Preparing for a Shutdown: A Contractors Perspective Presented to: June 25,

Best Practices Preparing for a Shutdown: A Contractors Perspective Presented to: June 25, 2019 Agenda Intro / Who We Are Best Practices Engineering Schedule Pre-Planning with Client Standardization

188 views • 18 slides
2018-07-18 Good reports and presentations are formulaic. Preparing them is a learned skill. They

2018-07-18 Good reports and presentations are formulaic. Preparing them is a learned skill. They

2018-07-18 Good reports and presentations are formulaic. Preparing them is a learned skill. They are not inspiration at midnight. Your raw ideas may be, but their refinement isnt. http://www.cihr-irsc.gc.ca/e/27491.html 1 Common

601 views • 12 slides
Preparing Deposit and Service Reports 50-928C, 4/20/E GoToWebinar employer_education@strsoh.org

Preparing Deposit and Service Reports 50-928C, 4/20/E GoToWebinar employer_education@strsoh.org

State Teachers Retirement System of Ohio Preparing Deposit and Service Reports Preparing Deposit and Service Reports 50-928C, 4/20/E GoToWebinar employer_education@strsoh.org 1 State Teachers Retirement System of Ohio Preparing Deposit and

683 views • 19 slides
Neighborhood Stabilization Program Preparing for Closeout Using DRGR Reports August 2, 2016

Neighborhood Stabilization Program Preparing for Closeout Using DRGR Reports August 2, 2016

U.S. Department of Housing and Urban Development Neighborhood Stabilization Program Preparing for Closeout Using DRGR Reports August 2, 2016 Community Planning and Development Hosts HUD Jessie Handforth Kome John Laswick Ebony

1.01k views • 53 slides
PREPARING FOR AUDITS AND GOOD BUSINESS PRACTICES SUGGESTIONS Association of Florida

PREPARING FOR AUDITS AND GOOD BUSINESS PRACTICES SUGGESTIONS Association of Florida

PREPARING FOR AUDITS AND GOOD BUSINESS PRACTICES SUGGESTIONS Association of Florida Conservation Districts Annual Meeting July 21, 2017 Presented by: Jim Davis, CPA and Monica Scarlett As we proceed, please share your thoughts, experiences

289 views • 14 slides
Preparing for economic downturns Best practices for managing the business cycle Presentation by

Preparing for economic downturns Best practices for managing the business cycle Presentation by

Preparing for economic downturns Best practices for managing the business cycle Presentation by Stephen Bailey, Manager, State Fiscal Health August 22, 2019 About The Pew Charitable Trusts Conducts research and analysis to improve policy,

582 views • 18 slides
Best practices and lessons learned in preparing and implementing an effective public communication

Best practices and lessons learned in preparing and implementing an effective public communication

Zentralanstalt fr Meteorologie und Geodynamik Best practices and lessons learned in preparing and implementing an effective public communication strategy during a nuclear emergency Dr. Gerhard Wotawa, M.A. (Intern. Rel.) ZAMG/Division Data,

232 views • 10 slides
Ethical Challenges in Preparing Ethical Challenges in Preparing Witnesses and Working with Experts

Ethical Challenges in Preparing Ethical Challenges in Preparing Witnesses and Working with Experts

Presenting a live 90 minute webinar with interactive Q&A Ethical Challenges in Preparing Ethical Challenges in Preparing Witnesses and Working with Experts Best Practices to Avoid Unethical Coaching of Lay and Expert Witnesses WEDNES DAY,

666 views • 62 slides
PREPARING INDUSTRIAL ENGINEERING REPORTS EARLE HARTLING, LOS ANGELES COUNTY SANITATION DISTRICT

PREPARING INDUSTRIAL ENGINEERING REPORTS EARLE HARTLING, LOS ANGELES COUNTY SANITATION DISTRICT

PREPARING INDUSTRIAL ENGINEERING REPORTS EARLE HARTLING, LOS ANGELES COUNTY SANITATION DISTRICT JOHN ROBINSON, JOHN ROBINSON CONSULTING, INC WateReuse LA Chapter December 2, 2014 Presentation Overview 1. Conversion Requirements 2. Regulatory

472 views • 21 slides
Mapping EEE reuse and WEEE preparing for reuse practices and initiatives in Greece K. Lasaridi 1*

Mapping EEE reuse and WEEE preparing for reuse practices and initiatives in Greece K. Lasaridi 1*

Mapping EEE reuse and WEEE preparing for reuse practices and initiatives in Greece K. Lasaridi 1* , K. Boikou 1 , K. Kalafata 2 , C. Chroni 1 ,Ch. Angelakopoulos 2 , K. Abeliotis 1 1. Harokopio University, 2. Appliances Recycling S.A. The

339 views • 18 slides
th NATIONAL REPORTS 6 th th th 6 6 6 NATIONAL REPORTS NATIONAL REPORTS NATIONAL REPORTS

th NATIONAL REPORTS 6 th th th 6 6 6 NATIONAL REPORTS NATIONAL REPORTS NATIONAL REPORTS

th NATIONAL REPORTS 6 th th th 6 6 6 NATIONAL REPORTS NATIONAL REPORTS NATIONAL REPORTS OVERVIEW OF PRESENTATION 1. A view toward GBO-5 2. 7 Key issues in 5NR 3. Technical guidance document 4. Data management (excel) 5. Spatial data

626 views • 24 slides
Preparing students for global-mindedness through ELT: Integrating global issues into classroom

Preparing students for global-mindedness through ELT: Integrating global issues into classroom

Preparing students for global-mindedness through ELT: Integrating global issues into classroom practices Nguyen Thi Bich Diep, M.A. Foreign Trade University, Hanoi Outline Introduction Globalization and the need for preparing students

371 views • 16 slides
Credit Reports and Scores: Practices, Policies and Outcomes Chi Chi Wu cwu@nclc.org Financial

Credit Reports and Scores: Practices, Policies and Outcomes Chi Chi Wu cwu@nclc.org Financial

11/16/2012 Credit Reports and Scores: Practices, Policies and Outcomes Chi Chi Wu cwu@nclc.org Financial Education in Oklahoma November 7, 2012 National Consumer Law Center Legal resource center on consumer law issues focusing on

664 views • 16 slides
Overdraft Fee and Credit Card Practices: Overdraft Fee and Credit Card Practices: New Regulations

Overdraft Fee and Credit Card Practices: Overdraft Fee and Credit Card Practices: New Regulations

Presenting a live 90 minute webinar with interactive Q&A Overdraft Fee and Credit Card Practices: Overdraft Fee and Credit Card Practices: New Regulations and Litigation Trends Minimizing Litigation Exposure and Preparing for Heightened

1.4k views • 80 slides
Audit Reports Guide Table of Contents Audit Reports Available Reports Accessing

Audit Reports Guide Table of Contents Audit Reports Available Reports Accessing

Audit Reports Guide Table of Contents Audit Reports Available Reports Accessing Reports Viewing Reports Audit Attestation What to Review How to Attest Technical Information 2 Audit Reports As

564 views • 17 slides
DATAIR DC/Win Reports Webinar 6/28/2007 DC/Win Reports Report Setup DC/Win Reports Report

DATAIR DC/Win Reports Webinar 6/28/2007 DC/Win Reports Report Setup DC/Win Reports Report

DATAIR DC/Win Reports Webinar 6/28/2007 DC/Win Reports Report Setup DC/Win Reports Report Setup Creates the default settings for printing reports Per workstation, not global on network Will not change any preset groups

64 views • 5 slides
State-of-the-Art for Small Satellite Propulsion Systems Khary I. Parker NASA/Goddard Space

State-of-the-Art for Small Satellite Propulsion Systems Khary I. Parker NASA/Goddard Space

State-of-the-Art for Small Satellite Propulsion Systems Khary I. Parker NASA/Goddard Space Flight Center 2 nd Planetary CubeSat Science Institute NASA/Goddard Space Flight Center Greenbelt, MD September 26, 2017 Agenda State-of-the-Art

301 views • 18 slides
How intelligent is artificial intelligence? On the surprising and mysterious secrets of deep

How intelligent is artificial intelligence? On the surprising and mysterious secrets of deep

How intelligent is artificial intelligence? On the surprising and mysterious secrets of deep learning Vegard Antun (UiO) Anders C. Hansen (Cambridge, UiO) Joint work with: B. Adcock (SFU), M. Colbrook (Cambridge) N. Gottschling

946 views • 67 slides
WMSCR SWIM Presented to: Demonstration and Prototyping Information Exchange Briefing By:

WMSCR SWIM Presented to: Demonstration and Prototyping Information Exchange Briefing By:

Federal Aviation Administration WMSCR SWIM Presented to: Demonstration and Prototyping Information Exchange Briefing By: <WMSCR SWIM June 3, 2009 Date: Description The Weather Message Switching Center Replacement System (WMSCR)

444 views • 12 slides
Conditional Award of 2016 Seal of Approval (VOTE) HEATHER CLORAN Associate Director of Program

Conditional Award of 2016 Seal of Approval (VOTE) HEATHER CLORAN Associate Director of Program

Conditional Award of 2016 Seal of Approval (VOTE) HEATHER CLORAN Associate Director of Program and Product Strategy ASHLEY HAGUE Deputy Executive Director, Strategy and External Affairs BRIAN SCHUETZ Director of Program and Product Strategy

459 views • 35 slides
Rec ecen ent C Chan anges es t to S SOC C Rep eportin ing S Stan andar ards ds: Wha

Rec ecen ent C Chan anges es t to S SOC C Rep eportin ing S Stan andar ards ds: Wha

Rec ecen ent C Chan anges es t to S SOC C Rep eportin ing S Stan andar ards ds: Wha hat Y You ou Shou Should K Kno now a and nd How to Pr o Prepa pare June 28, 28, 20 2018 Troy Fine ine - Ma Manager, Ri Risk Advi

699 views • 45 slides
Presentation to the NSW Legislative Council Standing Committee on Soc~al Issues Inquiry into

Presentation to the NSW Legislative Council Standing Committee on Soc~al Issues Inquiry into

Presentation to the NSW Legislative Council Standing Committee on Soc~al Issues Inquiry into homelessness and low-cost rental accommodation Nazha Saad Chief Executive QReer Fridayl9 June 2009 SGCH - A snapshot Established in 1985 Over 2,600

481 views • 13 slides
Eduardo Gandara LEARNING OUTCOMES Introduced to the SOC Program Brief History of SOC

Eduardo Gandara LEARNING OUTCOMES Introduced to the SOC Program Brief History of SOC

Sustainable Office Certification (SOC) Presented By: Eduardo Gandara LEARNING OUTCOMES Introduced to the SOC Program Brief History of SOC Program Learn about the SOC Programs process Areas for improvement Goals for the SOC

569 views • 27 slides
Battery modeling Presentation Battery modeling Presentation MengJie Huang Cheng Ru Chang

Battery modeling Presentation Battery modeling Presentation MengJie Huang Cheng Ru Chang

Battery modeling Presentation Battery modeling Presentation MengJie Huang Cheng Ru Chang Cheng Ru Chang A new BMS system based on cell redundancy Antonio Manenti, Andrea Abba, Alessandro Merati, Sergio M. Savaresi IEEE Transactions on

733 views • 38 slides

More recommend