BC54: Preparing for a SAS 70 Audit
|
|
- Justin Berry
- 8 years ago
- Views:
Transcription
1 BC54: Preparing for a SAS 70 Audit Kathleen Lucey Montague Risk Management kalucey@montaguetm.com tel:
2 What is SAS 70? History and Purpose What does it include? Type 1 vs. Type 2 Grades Audit Preparation Process Cost estimates References 2
3 SAS 70 History Statement on Auditing Standards (SAS) No. 70, Service Organizations: American Institute of Certified Public Accountants (AICPA). April May 2005 AICPA Guidance: Service Organizations, Applying SAS No. 70, as Amended Other relevant standards: Auditing Standard AS 2, PCAOB: Appendix B: SAS 70 service auditor s report format satisfies requirement to assess operating effectiveness of controls at a service organization. Auditing Standard AS 5, PCAOB, July Guidance on most important matters for internal controls auditing. Appendix B17-B27 notes the important role played by SAS 70 audit reports in assuring the operating effectiveness of internal controls at a service organization. Supports Section 404 of SOX. ISAE 3402, IAASB, Assurance Reports on Controls at a Third Party Service Organization, December 2007 draft. 3
4 SAS 70 Audit Purpose Not required by any government agency. Generally requested by services users (customers) whose SOX 404 auditors ask them to request it. The audited firm itself determines the specific content: control objectives and implementing controls; complementary controls. Safe and Sound audit: gives third-party validation that provided service is reliable. 4
5 SAS 70 Audit Purpose The primary purpose of a SAS 70 audit is SALES: INCREASED MARKET SHARE OR COMPETITIVE ADVANTAGE. 5
6 Type 1 vs. Type 2 Type 1 audits presence and effectiveness of controls supporting designated control objectives at a single point in time: snapshot. Type 2 audits presence and effectiveness of controls supporting designated control objectives over an appropriate interval generally 6-9 months. 6
7 SAS 70 Grades No qualifications = controls are complete and achieve their objectives. One or more qualifications = one or more controls are not complete and/or do not achieve their objectives. No opinion: Too few controls and/or too little data to evaluate control effectiveness in designated areas. No bright line between multiple qualifications and No opinion. 7
8 Preparing for a SAS 70 Audit Select Organizational areas to be audited: Must cover all departments and physical locations that could reasonably affect the correctness and reliable delivery of services to customers. The entire organization may not need to be audited. May lead to a request for a SAS 70 audit from one or more critical suppliers to the services provider. Consider conducting a pre-audit by an external firm to ascertain the level of company preparedness. 8
9 Preparing for a SAS 70 Audit Write and implement policies and procedures as necessary to support controls. Ensure that sufficient personnel are assigned to support their use. Be prepared to demonstrate the effectiveness of controls, as well as how they interlock. Be prepared to demonstrate effectiveness in writing, and especially in reports from automated systems. 9
10 Preparing for a SAS 70 Audit (more) Allocate staff or contract resources to perform audit preparation and pre-audit assessment team support. Interview and select pre-audit test firm. Schedule pre-audit assessment. Assess audit readiness; decide whether to proceed. Interview and select audit firm to perform SAS 70 audit. Schedule. Allocate staff support. Allocate additional staff or contract resources to support full SAS 70 audit (more for Type 2 than for Type 1). 10
11 Sample Control Objective Areas Organization and Administrative Controls Computer Operations Controls Program Development and Documentation Controls 11
12 Sample Control Objective Areas Physical Security Controls Environmental Protection Controls Logical Security Controls 12
13 Sample Control Objective Areas System Software Maintenance Controls Disaster Recovery and Business Continuity Controls Telecomm & Network Controls 13
14 Finding a SAS 70 Audit Firm Cannot be your usual auditor. If the auditor is not a recognized name, the value of the audit decreases. Choose one that is known in your services market. Get references from any firm being considered. Talk to the references. Ask about pricing. 14
15 Expense Elements 1. Preparation and support activities by internal or contract staff. 2. Pre-audit assessment by external audit firm. 3. Preparation: loss of productivity of internal staff, or cost of contract staff. If the organization if immature, this can be very expensive. 4. Type 2 is much more expensive than Type 1. Consider doing a Type 1 while you prepare for a Type Purchase and implementation of enabling tools: software, equipment, training, additional staff. 15
16 Expense Elements 6. Additional staff to support more robust control environment: this can be particularly expensive in less formal, less mature organizations. 7. Dedicated staff (internal or contract) to support auditors throughout the audit. 8. Audit firm engagement. 16
17 In summary 1. Do not automatically commit to provide a SAS 70 audit in order to get a contract signed. The cost may be more than the value of the contract. 2. Spend the time to calculate the realistic costs of obtaining a no qualifications SAS 70 audit for your firm. It may not be to your advantage to do a SAS 70 audit if your company culture is not mature. 3. If you do not have experience in this area, accept that you need to learn from experienced people. 4. A SAS 70 audit may provide a strategic competitive advantage ---or it may not. It depends on your market. It is too costly to take on without serious thought. 17
18 References Industry Organization Website American Institute of Certified Public Accountants AICPA source for official SAS 70 and other auditing publications International Auditing and Assurance Standards Board Information Systems Audit and Control Association IT Governance Institute. Home of the Control Objectives for Information and related Technology (CobIT) Public Company Accounting Oversight Board Securities and Exchange Commission
STAFF QUESTIONS AND ANSWERS
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF QUESTIONS AND ANSWERS AUDITING INTERNAL CONTROL OVER FINANCIAL REPORTING Summary: Staff
More informationG24 - SAS 70 Practices and Developments Todd Bishop
G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS
More informationFarewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting
Farewell to SAS 70 What you need to know about the New Standard for Service Organization Reporting ADVISORY rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative
More informationMHM S PERSPECTIVE: CHANGES COMING TO SAS 70.KNOW THE FACTS
Mayer Hoffman McCann P.C. An Independent CPA Firm MHM S AUDITING PERSPECTIVE: STANDARD NO. 5 Since its issuance in 1992, the American Institute of Certified Public Accountants (AICPA) Statement on Auditing
More informationWeighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers
Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye
More informationNavigating the Standards for Information Technology Controls
Navigating the Standards for Information Technology Controls By Joseph B. O Donnell and Yigal Rechtman JULY 2005 - Pervasive use of computers, along with recent legislation such as the Sarbanes- Oxley
More informationG24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP
G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the
More informationFeeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770
Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com SAS 70 Background 2 SAS No. 70 Reports on the Processing of Transactions by Service Organizations Independent examination
More informationISACA is responding to the PCAOB questions principally from an information technology (IT) perspective.
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 17 December 2007 Office of the Secretary Public
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING AUDIT CONFIRMATIONS APRIL 2, 2009 Introduction Confirmations
More information,Ad; L PCAOB. IOPA conducted the review to determine whether the PCAOB is considering succession planning consistent with good business practices.
PCAOB Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org May 5,2009 The Honorable Mary L. Schapiro Chairman
More informationE2E Project Management Process Governance (Electric Capital)
Attachment AG-1-8-10 Page 1 of 10 E2E Project Management Process Governance (Electric Capital) Report No. 1332 Final Distribution Final Report Audit Team: Report Grading: Number of Findings: Date of issue
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More information) ) ) ) ) ) ) ) ) ) ) )
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 PROPOSED AUDITING STANDARD RELATED TO CONFIRMATION AND RELATED AMENDMENTS TO PCAOB STANDARDS ) ) ) ) ) ) ) )
More informationWeighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers
Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye
More information26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Ms. Nancy M. Morris, Secretary
More informationAudit of the UNESCO Data Center. Internal Oversight Service. Contributors: Sameer Pise Prashant Sharma. IOS/AUD/2010/09 Original: English.
Independent auditor report on the result of the UNESCO s Data Center Audit 1 Internal Oversight Service IOS/AUD/2010/09 Original: English Audit of the UNESCO Data Center June 2010 Contributors: Sameer
More informationBASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization
August 2010 BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization This Basis for Conclusions has been prepared by staff of the Auditing
More informationConsultation Response
Consultation Response PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS PCAOB Rulemaking Docket Matter No.
More informationUnderstanding SAS 70 Reports on Internal Control
Understanding SAS 70 Reports on Internal Control PwC Agenda Internal Control Reporting: A Focus on SAS 70 Trends affecting internal control reporting Discussion points for Mutual Fund Directors with management
More informationThe Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011
The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 Table of Contents A Short History of SAS 70 Overview of SSAE 16 and ISAE 3402
More informationInformation Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer
Information Security Management Systems Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer atsec information security, 2013 ISO/IEC 27001 and related
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationSAS 70 Exams Of EBT Controls And Processors
Appendix VIII SAS 70 Examinations of EBT Service Organizations Background States must obtain an examination by an independent auditor of the State electronic benefits transfer (EBT) service providers (service
More informationThe Importance of IT Controls to Sarbanes-Oxley Compliance
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
More informationOctober 1, 2015. Ms. Sherry Hazel American Institute of Certified Public Accountants 1211 Avenue of the Americas, 19 th Floor New York, NY 10036-8775
Deloitte & Touche LLP 695 E Main Street Stamford, CT 06901-2150 Tel: +1 203 761 3000 Fax: +1 203 761 3013 www.deloitte.com October 1, 2015 Ms. Sherry Hazel American Institute of Certified Public Accountants
More informationIT Risk Assessment Action Plan. South Staffordshire District Council Audit 2010/11
IT Risk Assessment Action Plan South Staffordshire District Council Audit 2010/11 The Audit Commission is a public corporation set up in 1983 to protect the public purse. The Commission appoints auditors
More informationIT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)
IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements
More informationNovember 21, 2013. Public Company Accounting Oversight Board 1666 K Street Washington, DC 20006
November 21, 2013 Public Company Accounting Oversight Board 1666 K Street Washington, DC 20006 International Auditing and Assurance Standards Board 529 Fifth Avenue, 6 th Floor New York, NY 10017 Via upload
More informationSound Transit Internal Audit Report - No. 2014-6
Sound Transit Internal Audit Report - No. 2014-6 Maturity Assessment: Information Technology Division Disaster Recovery Planning Report Date: June 5, 2015 Table of Contents Page Executive Summary 2 Background
More informationUpdate on AICPA Assurance Services Executive Committee Activities
Update on AICPA Assurance Services Executive Committee Activities Amy Pawlicki Director Business Reporting, Assurance & Advisory Services and XBRL AICPA Agenda ASEC overview Summary of work streams by
More informationSECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
More informationMORRISON I FOERSTER. Legal Updates & News. A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean
MORRISON I FOERSTER Legal Updates & News Legal Updates A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean Related Practices: Sourcing The worlds of outsourcing
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING RESPONSIBILITIES OF THE PRINCIPAL AUDITOR APRIL 7-8, 2010 Introduction
More informationDisaster Recovery and Business Continuity Plan
Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix
More informationSRA International Managed Information Systems Internal Audit Report
SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...
More informationInspection Observations Related to PCAOB Rules and Auditing Standards on Communications with Audit Committees
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org Inspection Observations Related to PCAOB Rules and Auditing Standards on Communications with
More informationOFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationAudit Committee Charter Altria Group, Inc. In the furtherance of this purpose, the Committee shall have the following authority and responsibilities:
Audit Committee Charter Altria Group, Inc. Membership The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Altria Group, Inc. (the Company ) shall consist of at least three directors
More informationPrüfung von Outsourcing mit SAS70
Prüfung von Outsourcing mit SAS70 AGENDA Historical flashback Reasons for the standard Major contents Potential areas of SAS 70 application Audit approach and Responsibility Client and Service Provider
More informationCOSO 2013 Internal Control Framework
COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What
More informationService Organization Control (SOC) Reports
Service Organization Control (SOC) Reports Transitioning from SAS 70 to SSAE 16 Deloitte & Touche LLP Agenda Overview SAS 70/SSAE 16 Historical Perspective The New Framework Under SSAE 16 (SOC 1) Impact
More informationIT Audit in the Cloud
IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust
More informationPlease feel free to call on our organizations if we can be of assistance in any way on further deliberations, task forces or committees.
17 May 2012 International Internal Audit Standards Board Via e-mail: Lily.Bi@theiia.org Re: Definition of Internal Auditing Ms. Lily Bi, CIA, CISA, CGEIT Director, Standards and Guidance The Institute
More informationChapter 3: Audit of business Continuity plan... 3 Learning Objectives... 3 3.1 Introduction... 3 3.2 Steps of BCP Process... 3 3.2.
Chapter 3: Audit of business Continuity plan... 3 Learning Objectives... 3 3.1 Introduction... 3 3.2 Steps of BCP Process... 3 3.2.1 Step 1: Identifying the mission or business-critical functions... 4
More informationBy: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015
Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level June 9, 2015 By: Tracy Hall MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company,
More informationGuide to Understanding SAS 70 Reports
Guide to Understanding SAS 70 Reports Authors: Norm Parkerson, Business Advisory Services Executive Director and Brett Williams, Business Advisory Services Partner In today s global economy, service organizations
More informationIT Governance Dr. Michael Shaw Term Project
IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3
More informationUnderstanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016
Understanding SOC Reports for Effective Vendor Management Jason T. Clinton January 26, 2016 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2012 Wolf & Company, P.C. Before we
More informationISO 9001:2015 Management System Training ISO 9001:2015 QMS Lead Auditor
ISO 9001:2015 Management System Training ISO 9001:2015 QMS Lead Auditor Cavendish Scott, Inc. 984 S. Vine St. Denver, CO. 80209 Tel. 303 480 0111 www.cavendishscott.com training@cavendishscott.com Course
More informationSAS No. 70, Service Organizations
SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING BROKER-DEALER AUDIT CONSIDERATIONS JULY 15, 2010 Introduction
More informationTHE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT
THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT White Paper www.a3freightpayment.com THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT Introduction An essential element
More informationISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls
ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 defined Overview of service organisation control reports Service organisation
More informationMASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2
MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...
More informationBedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 9 September 2014 Item No. 6
For Publication Bedfordshire Fire Rescue Authority Corporate Services Policy Challenge Group 9 September 2014 Item No. 6 REPORT AUTHOR: SUBJECT: ASSISTANT CHIEF OFFICER (HUMAN RESOURCES AND ORGANISATIONAL
More informationDefining Issues. SEC Permits Crowdfunding and Proposes Rules for Regional Securities Offerings. November 2015, No. 15-51. Key Facts.
Defining Issues November 2015, No. 15-51 SEC Permits Crowdfunding and Proposes Rules for Regional Securities Offerings The SEC adopted final crowdfunding rules that permit start-ups and small companies
More informationValuing and Reporting Plan Investments
Valuing and Reporting Plan Investments PLAN ADVISORY Table of Contents Introduction 2 Your Responsibility for Reporting Plan Investments 3 Your Responsibility for Valuing Investments and Establishing
More informationChapter 04. Board of Public Accountancy.
Chapter 04. Board of Public Accountancy. (Words in boldface and underlined indicate language being added; words [CAPITALIZED AND BRACKETED] indicate language being deleted. Complete new sections are not
More informationEffectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
More informationAsset Manager Guide to SAS 70. Issue Date: October 7, 2007. Asset
Asset Manager Guide to SAS 70 Issue Date: October 7, 2007 Asset Management Group A s s e t M a n a g e r G u i d e SAS 70 Table of Contents Executive Summary...3 Overview and Current Landscape...3 Service
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationRE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards
May 12, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. 20006-2803 RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment
More informationEffective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions
PLAN ADVISORY Effective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions PLAN ADVISORY Table of Contents Introduction 3 Selecting and Monitoring Third-Party Service Providers 4 Quality
More informationSage FAS Fixed Assets I White Paper
I White Paper Fixed Asset Manager s Guide to Sarbanes-Oxley Compliance Safeguards and Features in Sage FAS Fixed Asset Management Solutions Table of Contents Executive Summary... 3 Sarbanes-Oxley Act Background...
More informationSarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers
Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................
More information) ) ) ) ) ) ) ) ) ) ) )
1666 K Street, NW Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org AUDITING STANDARD No. 16 COMMUNICATIONS WITH AUDIT COMMITTEES; RELATED AMENDMENTS TO PCAOB STANDARDS;
More informationThis report is to provide Audit Committee with the terms of reference for an audit project included in the 2007 Audit Work Plan.
Terms of Reference - Audit Project Date: September 5, 2007 STAFF REPORT INFORMATION ONLY To: From: Wards: Audit Committee Jeff Griffiths, Auditor General All Reference Number: SUMMARY This report is to
More informationService Organization Control Reports
SAS 70 ENDS EXIT TO SSAE 16 Service Organization Control Reports What Did We Learn from Year One? Agenda Definitions Service Organization Reports What are they? Year One Experiences SSAE 16 Year One Experiences
More informationSecurity audit advice For holders of all remote gambling operator licences including specified remote lottery licences
Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences July 2015 1 Introduction 1.1 This July 2015 advice is updated from the previously
More informationHow Varonis Can Help With Efforts Toward Sarbanes-Oxley Compliance
How Varonis Can Help With Efforts Toward Sarbanes-Oxley Compliance OVERVIEW This document provides a brief overview of the Sarbanes-Oxley Act, (Sections ), the impact of SOX on IT Departments, and the
More informationGuide to Public Company Auditing
Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues
More informationThe end of SAS70 what next for Performance Assurance?
Enhancing Trust and Transparency The end of SAS70 what next for Performance Assurance? A perspective on transitioning from SAS 70 to ISAE 3402 pwc Enhancing Trust and Transparency 1 Contents What you need
More informationFrequently asked questions: SOC 2 and 3
1. Is the licensing requirement for a SOC 2 or 3 different than for a SOC 1? SOC reports are attestation reports issued in accordance with AICPA standards. Therefore, licensing requirements are the same
More informationSTAFF QUESTIONS AND ANSWERS
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org Page 1 of 11 STAFF QUESTIONS AND ANSWERS ATTEST ENGAGEMENTS REGARDING XBRL FINANCIAL INFORMATION
More informationProject Management and ITIL Transitions
Project Management and ITIL Transitions April 30 th 2012 Linda Budiman Director CSC 1 Agenda Thought Leadership: Linda Budiman What is ITIL & Project Management: Applied to Transitions Challenges & Successes:
More informationSERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports
SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports SAS No. 70, Service Organizations Standard for reporting on a service organization s controls affecting user entities financial statements
More informationCertified Software Quality Assurance Professional VS-1085
Certified Software Quality Assurance Professional VS-1085 Certified Software Quality Assurance Professional Certified Software Quality Assurance Professional Certification Code VS-1085 Vskills certification
More information2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP
2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.
More informationAudit and Permitted Non-Audit Services Pre-Approval Policy (Pertaining to the Company s Independent Auditor)
Audit and Permitted Non-Audit Services Pre-Approval Policy (Pertaining to the Company s Independent Auditor) Statement of Principles Pursuant to the Sarbanes-Oxley Act of 2002 (the Act ) and in accordance
More informationComprehensive Update on Generally Accepted
Comprehensive Update on Generally Accepted Auditing Standards (GAAS) Presented by Charles W. Hester CPA, CFF, FCPA, CGFM, CFE, CFS Course Objectives Participants will gain a greater understanding of: Applying
More informationCloud Computing Risk Assessment
Cloud Computing Risk Assessment A Case Study Sailesh Gadia, CISA, ACA, CPA, CIPP, is a director/senior manager at KPMG s advisory practice in Minneapolis, Minnesota, USA. He has an extensive background
More informationHow To Get A Tech Startup To Comply With Regulations
Agile Technology Controls for Startups a Contradiction in Terms or a Real Opportunity? Implementing Dynamic, Flexible and Continuously Optimized IT General Controls POWERFUL INSIGHTS Issue It s not a secret
More informationCybersecurity@RTD Program Overview and 2015 Outlook
Cybersecurity@RTD Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
More informationMs. Debbie Davenport Auditor General Office of the Auditor General 2910 North 44 th Street, Suite 410 Phoenix, Arizona 85018. Dear Ms.
Janet Napolitano Governor ARIZONA DEPARTMENT OF ECONOMIC SECURITY 1717 W. Jefferson P.O. Box 6123 Phoenix, AZ 85005 David A. Berns Director Ms. Debbie Davenport Auditor General Office of the Auditor General
More informationOfficial Audit Report Issued July 14, 2011
Official Audit Report Issued July 14, 2011 Information Technology Controls Pertaining to Business Continuity Planning for the Office of the State Treasurer and Receiver General For the period January 1,
More informationRisk & Assurance. Tailored to your needs. Internal audit solutions
Risk & Assurance Tailored to your needs Internal audit solutions Internal audit solutions The need for internal audit has never been as urgent as it is today. Unmanaged risks can literally cause the demise
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationThe CMDB at the Center of the Universe
The CMDB at the Center of the Universe Reg Harbeck CA Wednesday, February 27 Session 5331 Purpose Clarify origin of CMDB concept and what it is Understand difference and equivalence between CMDB and Asset
More informationGoodbye, SAS 70! Hello, SSAE 16!
Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70
More informationAuditing CPA EXAM REVIEW V 1.0
V 1.0 CPA EXAM REVIEW Auditing UPDATES AND ACADEMIC HELP Click on Community and Support at www.becker.com/cpa CUSTOMER SERVICE AND TECHNICAL SUPPORT Call 1.877.CPA. EXAM (Outside the U.S. +1.630.472.2213)
More informationInvestor Sub Advisory Group GOING CONCERN CONSIDERATIONS AND RECOMMENDATIONS. March 28, 2012
PCAOB Investor Sub Advisory Group GOING CONCERN CONSIDERATIONS AND RECOMMENDATIONS March 28, 2012 Auditing standards requiring auditors to issue going concern opinions have existed for several decades.
More information7 key considerations in selecting a colocation provider
1 / 9 7 key considerations in selecting a colocation provider CONSIDERATIONS CHECKLIST 2 / 9 Executive Summary Faced with the need to optimize, every aspect of their department, IT organizations are recognizing
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationA Sarbanes-Oxley Roadmap to Business Continuity
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
More informationPCAOB. The Honorable Christopher Cox Chairman Securities and Exchange Commission 100 F Street, NE Washington, DC 20549
PCAOB Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org December 15, 2006 The Honorable Christopher
More informationCERTIFIED PUBLIC ACCOUNTANT LICENSING ACT
CERTIFIED PUBLIC ACCOUNTANT LICENSING ACT 58-26a-101. Short title. This chapter is known as the "Certified Public Accountant Licensing Act." 58-26a-102. Definitions. In addition to the definitions in Section
More informationFixed Asset Manager s Guide to Sarbanes-Oxley Compliance
Fixed Asset Manager s Guide to Sarbanes-Oxley Compliance Safeguards and features in FAS fixed asset management solutions October 2005 www.imsolutions.net Toll Free 877.208.1175, Facsimile 727.797.6181
More informationHow To Understand The Benefits Of An Internal Audit
Practice Guide Reliance by Internal Audit on Other Assurance Providers DECEMBER 2011 Table of Contents Executive Summary... 1 Introduction... 1 Principles for Relying on the Work of Internal or External
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More information