Prüfung von Outsourcing mit SAS70
|
|
- Phillip Walters
- 8 years ago
- Views:
Transcription
1 Prüfung von Outsourcing mit SAS70 AGENDA Historical flashback Reasons for the standard Major contents Potential areas of SAS 70 application Audit approach and Responsibility Client and Service Provider benifits Presented by Tamer Basman, CISA Seite 1 Historical flashback I As early as the 1960 s the Auditing Standards Board recognized the need for service providers to report on their controls to their customers (the users ) Historically, a CPA s primary service was the audit of financial services Generally Accepted Auditing Standards (GAAS) was created to provide uniform standards for the profession GAAS was promulgated via Statements on Auditing Standards (or SAS) (pre-sox) All SAS s collectively have been codified in the AICPA literature in the AU (short for audit ) series of pronouncements AICPA=American Institute of Certified Public Accountants Seite 2 1
2 Historical flashback II The concept of Internal Control is fundamental to an audit of Financial Statement (F/S) SAS 55 first documented standards for the auditor s consideration of Internal Controls (I/C) in a F/S audit SAS 78 updated SAS 55 to incorporate the COSO framework SAS 94 updated SAS 55/78 to reflect the impact of current technologies on I/C These SASs are codified in Section AU319 SAS 70 is codified in GAAS as section AU 324 COSO:Committee of Sponsoring Organizations of the Treadway Commission Seite 3 Reasons for the standard I Applying a Service Organization to a User Organization Service Organization Services Provided Scope of a SAS 70 Report Services Outsourced User Organization Seite 4 2
3 Reasons for the standard II The early service providers were computer service bureaus, offering single applications The F/S auditor of a user of a service provider is NOT relieved of their professional responsibilities under AU319 Internal Controls at the service provider that relate to the financial statements of the user organization must still be considered Seite 5 Reasons for the standard III What is SAS 70? An audit conducted in accordance with Statement on Auditing Standard (SAS) No. 70 is a highly specialized audit of the design and operational effectiveness of a service organization s internal controls over processing transactions for user organizations. A report issued by an independent auditor under Statement on Auditing Standards No. 70 Covers controls exercised by a service organization on behalf of its customers Relates to the user organization s financial statement assertions SOX 404 Audit relevance Seite 6 3
4 Major contents I Parties involved in SAS 70 Company A (Service Organization) CPA Firm (Service Auditor) Company A s Customers (User Organizations and Internal Auditors) CPA Firm (User Organization Third Party Auditor) Seite 7 Major contents II Audit approach Control environment Risk assessment Information and communication systems Monitoring Control Activities COSO Framework is also adopted by the PCAOB Standard No.2 refer to PCAOB p.a-11, paragraph 14 SAS 70 recognizes COSO Framework refer to AICPA Audit Guide(May 2004) par 2.17 and 2.28 Seite 8 4
5 Major contents III Audit approach COSO Framework Control Environment The control environment sets the tone of an organization, influencing the control consciousness of its people Risk Assessment Every entity faces a variety of risks from external and internal sources that must be assessed both at the entity and the activity level Control Activities These policies and procedures help ensure management directives are carried out Information and Communication Pertinent information must be identified, captured and communicated in a form and timeframe that supports all other control components Monitoring Internal control systems need to be monitored a process that assesses the quality of the system s performance over time Seite 9 Major contents IV SAS 70 Report Components Report Contents Type I Type II 1. Independent service auditor's report (i.e. opinion). 2. Service organization's description of controls. 3. Information provided by the independent service auditor; includes a description of the service auditor's tests of operating effectiveness and the results of those tests. 4. Other information provided by the service organization (e.g. glossary of terms). Optional Optional Optional Seite 10 5
6 Potential areas of SAS 70 application Application Service Providers Medical Claims Processing Employee Benefits Processing Banking Service Bureaus Credit Card Processing Internet Service Providers Trust Departments of banks and insurance companies Transfer agents, custodians or record-keepers for investment companies Mortgage services or depository institutions that service loans for others Regional Transmission Organizations Seite 11 Responsibility I Report Sections and Responsibility I. SECTION Independent Service Auditors Report II. Company A Description of Controls and Procedures RESPONSIBILITY External Auditor (Service Provider) Service Provider III. Tests of Operating Effectiveness External Auditor (Service Provider) IV. Other Information Provided by Company A (Optional) Service Provider Seite 12 6
7 Responsibility II Refer to AICPA Audit Guide (May 2004) Section 4.05 to 4.28 The Service Provider is responsible for: Determining control objectives Providing description of internal controls Determining the report type Communicating significant changes to environment The Service auditor is responsible for: Being independent first and foremost Determining appropriateness of control objectives Examining description of controls Conducting appropriate tests of controls Expressing an opinion Seite 13 Client and Service Provider benifit To reduce disruption from multiple user audits Communicate information about the service provider s internal control s SAS reports are for the benefit of our client, their customers and their customers auditors only. Seite 14 7
8 Questions and Answers? Contact: Tamer Basman Seite 15 8
SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports
SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports SAS No. 70, Service Organizations Standard for reporting on a service organization s controls affecting user entities financial statements
More informationCompliance Risk Management IT Governance Assurance
Compliance Risk Management IT Governance Assurance Sigma Technology Partners offers its clients number of assurance services including SAS 70 Type I and SAS 70 Type II audits. Our team of CPA s, CISA s
More informationGUIDELINES FOR AUDITS OF COUNTY AND CITY HOSPITALS BY INDEPENDENT CERTIFIED PUBLIC ACCOUNTING FIRMS
GUIDELINES FOR AUDITS OF COUNTY AND CITY HOSPITALS BY INDEPENDENT CERTIFIED PUBLIC ACCOUNTING FIRMS ISSUED JUNE 2002 INTRODUCTION On March 21, 2002, Public Law 91, 2002 amended IC 16-22-3-12 to allow county
More informationSAS No. 70, Service Organizations
SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing
More informationCOSO 2013 Internal Control Framework
COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What
More information.OR.AT.ATTORNEY.AUCTION.BARGAINS.BAYERN.BERLIN.BLACKFRIDAY.BOUTIQUE.BRUSSELS.BUILDERS
.AC.BIO.RESTAURANT.APARTMENTS.CASINO.SCHOOL.KIM.ACADEMY.ACCOUNTANTS.ACTOR.ADULT.AE.AERO.AG.AGENCY.AIRFORCE.ARCHI.ARMY.ASIA.ASSOCIATES.AT.CO.AT.OR.AT.ATTORNEY.AUCTION.AUDIO.BAND.BANK.BAR.BARGAINS.BAYERN.BE.BEER.BERLIN.BID.BIKE.BINGO.BIZ.BLACK.BLACKFRIDAY.BLUE.BOUTIQUE.BRUSSELS.BUILDERS.BUSINESS.BZ.CO.BZ.COM.BZ.ORG.BZ.CAB.CAFE.CAMERA.CAMP.CAPITAL.CARDS.CARE.CAREERS.CASA.CASH.CATERING.CC.CENTER.CH.CHAT.CHEAP.CHRISTMAS
More informationMonitoring Outside Service Providers, Part III: SAS 70 Updates
Monitoring Outside Service Providers, Part III: SAS 70 Updates Richard F. Fischer, CPA Louis Plung & Company, LLP richard.fischer@louisplung.com 412-281-8771 CHANGES TO SAS 70 SERVICE ORGANIZATIONS: Statement
More informationTHE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT
THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT White Paper www.a3freightpayment.com THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT Introduction An essential element
More informationG24 - SAS 70 Practices and Developments Todd Bishop
G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS
More informationUnderstanding SAS 70 Reports on Internal Control
Understanding SAS 70 Reports on Internal Control PwC Agenda Internal Control Reporting: A Focus on SAS 70 Trends affecting internal control reporting Discussion points for Mutual Fund Directors with management
More informationP L A N A D V I S O R Y. The Importance of Internal Controls in Financial Reporting and Safeguarding Plan Assets
P L A N A D V I S O R Y The Importance of Internal Controls in Financial Reporting and Safeguarding Plan Assets P L A N A D V I S O R Y Table of Contents Introduction 3 Why Internal Control Is Important
More informationWRITTEN TESTIMONY OF AICPA EMPLOYEE BENEFIT PLAN AUDIT QUALITY CENTER EXECUTIVE COMMITTEE
WRITTEN TESTIMONY OF AICPA EMPLOYEE BENEFIT PLAN AUDIT QUALITY CENTER EXECUTIVE COMMITTEE BEFORE THE ERISA ADVISORY COUNCIL REGARDING OUTSOURCING EMPLOYEE BENEFIT PLAN SERVICES AUGUST 19, 2014 The Employee
More informationTIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization
November 2011 AICPA Technical Practice Aids TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization.01 New Standards for Service Auditors and User Auditors Inquiry Did the issuance
More informationUniversity Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment
Internal Controls Enterprise-Wide Risk Assessment Balancing Risk and Controls In order to achieve goals and objectives, management needs to effectively balance risks and controls. Control procedures need
More informationGAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office
GAO United States Government Accountability Office By the Comptroller General of the United States December 2011 Government Auditing Standards 2011 Revision GAO-12-331G GAO United States Government Accountability
More informationThere are a number of reasons why more and more organizations
Christopher G. Nickell and Charles Denyer Statement on Auditing Standard No. 70 (SAS 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants
More informationService Organization Control (SOC) Reports
Service Organization Control (SOC) Reports Transitioning from SAS 70 to SSAE 16 Deloitte & Touche LLP Agenda Overview SAS 70/SSAE 16 Historical Perspective The New Framework Under SSAE 16 (SOC 1) Impact
More informationRECKENEN FOCUS ON SAS 70 & SSAE 16
RECKENEN FOCUS ON SAS 70 & SSAE 16 Hassan Sultan, CPA Managing Director 3001 Park Center Drive Suite 1000 Alexandria, VA 22302 Phone (703) 249 4509 Email hsultan@reckenen.com SAS 70 & SSAE 16 Overview
More informationObtaining Quality Employee Benefit Plan Audit Services: The Request for Proposal and Auditor Evaluation Process
Obtaining Quality Employee Benefit Plan Audit Services: The Request for Proposal and Auditor Evaluation Process The AICPA Employee Benefit Plan Audit Quality Center has prepared this document to assist
More informationSpecial Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)
Special Considerations---Audits of Group Financial Statements 621 AU-C Section 600 Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Source: SAS No.
More informationEffective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions
PLAN ADVISORY Effective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions PLAN ADVISORY Table of Contents Introduction 3 Selecting and Monitoring Third-Party Service Providers 4 Quality
More informationNavigating the Standards for Information Technology Controls
Navigating the Standards for Information Technology Controls By Joseph B. O Donnell and Yigal Rechtman JULY 2005 - Pervasive use of computers, along with recent legislation such as the Sarbanes- Oxley
More informationAudit Considerations Relating to an Entity Using a Service Organization
Audit Considerations Relating to an Entity 349 AU-C Section 402 Audit Considerations Relating to an Entity Using a Service Organization Source: SAS No. 122; SAS No. 128. Effective for audits of financial
More informationSOX105. Sarbanes-Oxley for Dummies- 20 hours. Objectives
SOX105 Sarbanes-Oxley for Dummies- 20 hours Objectives In plain English, this completely reliable handbook walks you through the new and revised SOX laws, introduces compliance strategies for changed and
More informationMORRISON I FOERSTER. Legal Updates & News. A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean
MORRISON I FOERSTER Legal Updates & News Legal Updates A Guide to the Impact of SAS 70 on Outsourcing Projects January 2008 by Alistair Maughan, Susan McLean Related Practices: Sourcing The worlds of outsourcing
More informationAt a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.
At a glance While there are some differences, SAS 70 and SSAE 16 are substantially the same. SAS 70 is an audit standard while SSAE 16 is an attest standard. Out with the old SAS 70 and in with the new
More informationGuide to Public Company Auditing
Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues
More informationCopyright 2015, American Institute of Certified Public Accountants, Inc. All Rights Re... STATEMENT ON STANDARDS FOR CONSULTING SERVICES
Page 1 of 7 Consulting Services CS Section STATEMENT ON STANDARDS FOR CONSULTING SERVICES Statements on Standards for Consulting Services are issued by the AICPA Management Consulting Services Executive
More informationEmployee Benefit Plans Financial Statement Audits
Employee Benefit Plans Financial Statement Audits Plan Advisory The AICPA EBPAQC is a firm-based, volunteer membership center created with the goal of promoting quality employee benefit plan audits. Center
More informationFS Regulatory Brief SEC Proposes Amendments to Broker- Dealer Financial Reporting Rule
SEC Proposes Amendments to Broker- Dealer Financial Reporting Rule Amendments call for brokerdealers assertion of compliance with the Financial Responsibility Rules, new reviews by independent auditors,
More informationSAS 70: A Strategic Advantage in Challenging Times
SAS 70: A Strategic Advantage in Challenging Times By Andrew Pinnero, CISA Deborah Lambert, CPA, CPCU James Murphy, CPA Setting: Your office a typical day These are tough economic times for insurance industry
More informationSTAFF QUESTIONS AND ANSWERS
1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STAFF QUESTIONS AND ANSWERS AUDITING INTERNAL CONTROL OVER FINANCIAL REPORTING Summary: Staff
More informationUpdate on AICPA Assurance Services Executive Committee Activities
Update on AICPA Assurance Services Executive Committee Activities Amy Pawlicki Director Business Reporting, Assurance & Advisory Services and XBRL AICPA Agenda ASEC overview Summary of work streams by
More informationThe 7 Deadly Sins of SAS 70 s
ASSURANCE AND ADVISORY BUSINESS SERVICES The 7 Deadly Sins of SAS 70 s Presented by: Christopher Mitchell, MBA, CIA, CISA, CCSA 1 Seven Deadly Sins Lust (obsessive or excessive thoughts) Gluttony (over-indulgence)
More informationArticle 5.--CODE OF PROFESSIONAL CONDUCT
Article 5.--CODE OF PROFESSIONAL CONDUCT Part I.--DEFINITIONS, INDEPENDENCE, INTEGRITY AND OBJECTIVITY, COMMISSIONS AND REFERRAL FEES, CONTINGENT FEES 74-5-2. Definitions. Each of the following terms,
More informationBDO Seidman, LLP Accountants and Consultants
BDO Seidman, LLP Accountants and Consultants 330 Madison Avenue New York, NY 10017 (212) 885-8000 Phone (212) 697-1299 Fax Via E-mail: comments@pcaobus.org Office of the Secretary Public Company Accounting
More informationACC 215 ETHICS IN ACCOUNTING. Upon completion of this course, the student will be able to:
ACC 215 ETHICS IN ACCOUNTING COURSE DESCRIPTION: Perequisites: ACC 121 Corequistites: None This course introduces students to professional codes of conduct and ethics adopted by professional associations
More informationG24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP
G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the
More informationOctober 1, 2015. Ms. Sherry Hazel American Institute of Certified Public Accountants 1211 Avenue of the Americas, 19 th Floor New York, NY 10036-8775
Deloitte & Touche LLP 695 E Main Street Stamford, CT 06901-2150 Tel: +1 203 761 3000 Fax: +1 203 761 3013 www.deloitte.com October 1, 2015 Ms. Sherry Hazel American Institute of Certified Public Accountants
More informationRoles and Responsibilities Corporate Compliance and Internal Audit
Roles and Responsibilities and By Mark P. Ruppert, CPA, CIA, CISA, CHFP The focus group of Health Care Compliance Association (HCCA) and Association of Healthcare ors (AHIA) members continues to explore
More informationSTANDING ADVISORY GROUP MEETING
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING AUDIT CONFIRMATIONS APRIL 2, 2009 Introduction Confirmations
More informationInternational Institute of Management
Executive Education Executive Action Learning Seminars Executive Seminars Executive Courses International Institute of Management Executive Education Courses CIO & Sarbanes Oxley Compliance SOX Implementation
More informationUNITED STATES OF AMERICA BEFORE THE SECURITIES AND EXCHANGE COMMISSION
UNITED STATES OF AMERICA BEFORE THE SECURITIES AND EXCHANGE COMMISSION SECURITIES EXCHANGE ACT OF 1934 Release No. 70449 / September 18, 2013 ACCOUNTING AND AUDITING ENFORCEMENT Release No. 3488 / September
More informationBC54: Preparing for a SAS 70 Audit
BC54: Preparing for a SAS 70 Audit Kathleen Lucey Montague Risk Management kalucey@montaguetm.com tel: 1.516.676.9234 1 What is SAS 70? History and Purpose What does it include? Type 1 vs. Type 2 Grades
More informationAuthorized By: Steven M. Goldman, Commissioner, Department of Banking and Insurance
BANKING DEPARTMENT OF BANKING AND INSURANCE DIVISION OF BANKING Audit Requirements Proposed Readoption with Amendments: N.J.A.C 3:29 Authorized By: Steven M. Goldman, Commissioner, Department of Banking
More informationEPCS Third party audits the CPA perspective. 13 September 2012
EPCS Third party audits the CPA perspective 13 September 2012 Agenda Introduction History Report review Audit process Moving forward Introduction 1311.300 Application provider requirements Third-party
More informationQuestions from GAQC Conference Call The Impact of SAS 112 on Governmental Financial Statement Audits January 4, 2007
Questions from GAQC Conference Call The Impact of SAS 112 on Governmental Financial Statement Audits January 4, 2007 Preparing Financial Statements Q1. During a recent AICPA Webcast, a panelist indicated
More informationDeveloping an Effective Enterprise Risk Management Program
Developing an Effective Enterprise Risk Management Program Jay Brietz, CPA and CIA Senior Manager This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationConsultation Response
Consultation Response PROPOSED AUDITING STANDARD AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING PERFORMED IN CONJUNCTION WITH AN AUDIT OF FINANCIAL STATEMENTS PCAOB Rulemaking Docket Matter No.
More informationGuide to Internal Audit
Guide to Internal Audit Frequently Asked Questions About Developing and Maintaining an Effective Internal Audit Function Second Edition Table of Contents Introduction... 1 The Internal Audit Profession...
More informationThe Litigators Guide to Auditors Malpractice Liability: Consequences of Failures to Understand the Reporting Entity s Internal Controls
The Litigators Guide to Auditors Malpractice Liability: Consequences of Failures to Understand the Reporting Entity s Internal Controls By Barry J. Epstein, Ph.D., CPA, CFF Russell Novak & Company LLP
More informationIndustry Sound Practices for Financial and Accounting Controls at Financial Institutions
Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Federal Reserve Bank of New York January 2006 FINANCIAL AND ACCOUNTING CONTROLS: INDUSTRY SOUND PRACTICES FOR FINANCIAL
More informationUnderstanding Vendor Risk And Analyzing the SSAE No. 16
Understanding Vendor Risk And Analyzing the SSAE No. 16 Accelerate your Credit Union s Performance June 19, 2014 AUSTIN, TEXAS www.cuaccelerator.com Agenda Vendor Management Key Outsourcing Risk Areas
More informationService Organization Control Reports
SAS 70 ENDS EXIT TO SSAE 16 Service Organization Control Reports What Did We Learn from Year One? Agenda Definitions Service Organization Reports What are they? Year One Experiences SSAE 16 Year One Experiences
More informationFramework for Performing and Reporting on Compilation and Review Engagements
Compilation and Review Engagements 1999 AR Section 60 Framework for Performing and Reporting on Compilation and Review Engagements Issue date, unless otherwise indicated: December 2009 Source: SSARS No.
More informationRULES OF THE AUDITOR GENERAL
RULES OF THE AUDITOR GENERAL CHAPTER 10.800 AUDITS OF DISTRICT SCHOOL BOARDS EFFECTIVE 06-30-12 RULES OF THE AUDITOR GENERAL CHAPTER 10.800 TABLE OF CONTENTS Rule Description Page Section No. PREFACE TO
More informationSAS70 US Experience of KPMG Russia Team
IT ADVISORY SAS70 US Experience of KPMG Russia Team ADVISORY Some Typical Services Outsourced for a Large-Scale US Company Paycheck Processing IT Services Accounts Payable Medical Claims Reimbursement
More informationGUIDE FOR AUDITING STATE DISBURSEMENT UNITS
GUIDE FOR AUDITING STATE DISBURSEMENT UNITS DEPARTMENT OF HEALTH AND HUMAN SERVICES OFFICE OF CHILD SUPPORT ENFORCEMENT OFFICE OF AUDIT TABLE OF CONTENTS PAGE AUDITS OF STATE DISBURSEMENT UNITS (SDUS)...
More informationGuide to Internal Control Over Financial Reporting
Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).
More informationCPCAF Comfort Letter Procedures. Copyright 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.
Comfort Letter Procedures Relating to Capsule Financial Information Presented In a Registration Statement Prior to the Issuance of the Year-End Financial Statements This white paper is not authoritative
More informationAuditing Derivative Instruments, Hedging Activities, and Investments in Securities 1
Auditing Derivative Instruments 1915 AU Section 332 Auditing Derivative Instruments, Hedging Activities, and Investments in Securities 1 (Supersedes SAS No. 81.) Source: SAS No. 92. See section 9332 for
More informationImpact of New Internal Control Frameworks
Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com
More informationSpecial Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)
Special Considerations---Audits of Group Financial Statements 607 AU-C Section 600 Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Source: SAS No.
More informationRole is Broader and More Strategic
Internal Control Transformation IC s Role is Broader and More Strategic CACUBO Winter Workshop - 2013 Introduction Cindy Berg Director McGladrey LLP 201 N Harrison Street Davenport, Iowa 52801 cindy.berg@mcgladrey.com
More information) ) ) ) ) ) ) ) ) ) ) )
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 PROPOSED AUDITING STANDARD RELATED TO CONFIRMATION AND RELATED AMENDMENTS TO PCAOB STANDARDS ) ) ) ) ) ) ) )
More informationCOSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE
COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,
More informationChapter 5 SUPERVISORY COMMITTEE TABLE OF CONTENTS
Chapter 5 SUPERVISORY COMMITTEE TABLE OF CONTENTS SUPERVISORY COMMITTEE... 5-1 Examination Objectives... 5-1 Associated Risks... 5-1 Overview... 5. 1 Scope Development and Planning... 5-2 Meeting with
More informationAICPA Single Audit Update MACPA Government and NPO Conference
AICPA Single Audit Update MACPA Government and NPO Conference April 27, 2012 Mary Foelster, AICPA, Director, Governmental Auditing and Accounting 1 What Will Cover Technical Matters Impacting Single Audits
More informationMASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2
MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...
More information26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Ms. Nancy M. Morris, Secretary
More informationDocumentation of Use of a Type 2 Service Auditor s Report In an Audit of an Employee Benefit Plan s Financial Statements
Documentation of Use of a Type 2 Service Auditor s Report In an Audit of an Employee Benefit Plan s Financial Statements PLAN NAME: PLAN YEAR END: CLIENT NUMBER: SCOPE OF PLAN AUDIT: LIMITED FULL Note:
More informationThe 2013 COSO Framework & SOX Compliance
The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen McNally, CPA The 2013 COSO Framework & SOX Compliance ONE APPROACH TO AN EFFECTIVE TRANSITION By J. Stephen
More informationSarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo www.ssfllp.com sox@ssfllp.
From Zero to SOX Zero to SOX An Overview The goals of a program to meet SOX 404 requirements go far beyond compliance. The process of building a sustainable, comprehensive internal control environment
More informationFarewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting
Farewell to SAS 70 What you need to know about the New Standard for Service Organization Reporting ADVISORY rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative
More informationA Simulation Study of the Effects of Perceived Risk. on the Internal Control Reporting Process
A Simulation Study of the Effects of Perceived Risk and Information Sharing on the Internal Control Reporting Process By Stephanie Dehning Grimm * and Sheneeta W. White Opus College of Business, University
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More informationThis release of the FISCAM document has been reformatted from the January 1999 version.
United States General Accounting Office This release of the FISCAM document has been reformatted from the January 1999 version. It includes only formatting changes, refers to several different GAO documents,
More informationSarbanes-Oxley Section 404: Management s Assessment Process
Sarbanes-Oxley Section 404: Management s Assessment Process Frequently Asked Questions ADVISORY Contents 1 Introduction 2 Providing a Road Map for Management 3 Questions and Answers 3 Section I. Planning
More informationSECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationHow To Write A Financial Audit
Overall Objectives of the Independent Auditor 77 AU-C Section 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards Source:
More informationService Organization Control (SOC) reports What are they?
Service Organization Control (SOC) reports What are they? Jeff Cook, CPA, CITP, CIPT, CISA June 2015 Introduction Service Organization Control (SOC) reports are on the rise in the IT assurance and compliance
More informationPlanning for An Employee Benefit Plan Audit For the Auditor
Planning for An Employee Benefit Plan Audit For the Auditor Phone: (410) 403-1500 Toll Free: (800) 832-3008 Fax: (410) 403-1570 Web: www.scandh.com Agenda Audit Requirements Types of Audits Planning Meetings
More informationSept. 21-23, 2011 Ft. Lauderdale
Sept. 21-23, 2011 Ft. Lauderdale 26 th Annual Accounting Show September 21-23, 2011 Ft. Lauderdale 12:45-1:35pm Engagement Letters and Comfort Letters... 1 Steven M. Platau, JD, CPA Professor of Accounting
More informationLearning Objectives. After studying this chapter, you should be able to: Auditing standards relevant to this topic. For private companies
Chapter 1 What Is Auditing? Learning Objectives After studying this chapter, you should be able to: 1. Describe auditing and explain why it is important. 2. Explain the unique characteristics of the auditing
More informationEffective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions
Effective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions Plan Advisory The AICPA EBPAQC is a firm-based, volunteer membership center created with the goal of promoting quality employee
More informationHere comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements?
SAS 70 EVOLUTION: Here comes SSAE 16 PLANNING FOR THE NEW SERVICE ORGANIZATION REPORTING STANDARDS The prevalence of SAS 70 audits has grown dramatically since the standards issuance in April of 1992.
More informationA Sarbanes-Oxley Roadmap to Business Continuity
A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT
More informationClackamas County. Office of the Treasurer. Investment Policy. 2051 Kaen Rd, #430. Oregon City, Oregon 97045 503-742-5995 FAX 503-742-5996
Clackamas County Office of the Treasurer Investment Policy 2051 Kaen Rd, #430 Oregon City, Oregon 97045 503-742-5995 FAX 503-742-5996 shariand@co.clackamas.or.us 6/4/12 1 I. Objectives: Clackamas County
More informationAppendix G Implementation Guide (Guide) for the Annual Financial Reporting Model Regulation (Model)
Implementation Guide (Guide) for the Annual Financial Reporting Model Regulation (Model) Introduction The new requirements within the Annual Financial Reporting Model Regulation related to auditor independence,
More informationCOSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP
COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed
More informationStrengthening Business Practices:
Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services and Control Office of the President November 2011 Control Environment Agenda
More information100 What Are They? Agreed upon procedures. Audits, reviews, compilations, or preparations of specified elements of a financial statement.
Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest Nontraditional Engagements Chapter 1 Nontraditional Engagements an Introduction 100 What Are They?
More informationPublic Safety Vehicle Repair Audit
City of Austin AUDIT REPORT A Report to the Austin City Council Mayor Lee Leffingwell Public Safety Vehicle Repair Audit October 2013 Mayor Pro Tem Sheryl Cole Council Members Chris Riley Mike Martinez
More informationEthics for CPAs. Meeting Expectations in Challenging Times
Brochure More information from http://www.researchandmarkets.com/reports/2213995/ Ethics for CPAs. Meeting Expectations in Challenging Times Description: Current, comprehensive guidelines to ethical regulations
More informationService Organizations: Auditing Interpretations of Section 324
Service Organizations 1835 AU Section 9324 Service Organizations: Auditing Interpretations of Section 324 1. Describing Tests of Operating Effectiveness and the Results of Such Tests.01 Question Paragraph.44f
More informationWELCOME TO SECURE360 2013
WELCOME TO SECURE360 2013 Don t forget to pick up your Certificate of Attendance at the end of each day. Please complete the Session Survey front and back, and leave it on your seat. Are you tweeting?
More informationGuide to the Sarbanes-Oxley Act:
Guide to the Sarbanes-Oxley Act: internal Control Reporting Requirements Frequently Asked Questions Regarding Section 404 Fourth Edition Table of Contents Page No. Introduction... 1 Applicability of Section
More informationFAQs New Service Organization Standards and Implementation Guidance
FAQs New Service Organization Standards and Implementation Guidance During the past two years several significant changes have occurred in audit and attest standards for reporting on controls at service
More information