Navigating the transition to CSAE 3416

Size: px
Start display at page:

Download "Navigating the transition to CSAE 3416"

Transcription

1 Navigating the transition to CSAE 3416 FAQs on the new Canadian Standard on Assurance Engagements

2 In response to changes in third-party assurance standards in both the US and internationally, the Auditing and Assurance Standards Board has issued a new Canadian Standard on Assurance Engagements called Reporting on Controls at a Service Organization (CSAE 3416). This standard replaces the Auditor s Report on Controls at a Service Organization, Section 5970 (S 5970), which has been the standard in Canada for performing independent third-party assurance engagements. CSAE has been designed to provide standards and guidance to an auditor who is reporting on the controls at a service organization. This is relevant to situations when the service (a specialized business task or function) being provided to customers (or user entities) impacts the user entity s financial reporting processes. In such situations, service organizations are often subjected to audits of these processes. 1 FAQs on the new Canadian Standard on Assurance Engagements

3 How will the CSAE affect my organization? CSAE 3416 (and S 5970) allows auditors to issue two types of service auditor s reports. In a type 1 report the service auditor expresses an opinion on the fair presentation of the described controls (i.e. does the description coincide with what actually exists) and whether the controls included in the description are suitably designed to meet the control objectives. Once controls are determined to be suitably designed to achieve the control objectives, their operating effectiveness can be assessed and reported on, within a type 2 report. In both of the above reports, the service organization is responsible for the preparation of the system description inserted into the report. This description includes the nature of the service provided, how the service is performed, and the service organization s controls over the service and related control objectives. Why the need for change? The CSAE is aligned with the new Statement on Standards for Attestation Engagements (SSAE 16), Reporting on Controls at a Service Organization, which was issued by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB). The SSAE 16 standard was released in response to the new International Standard on Assurance Engagements (ISAE 3402), which was created to provide a reporting option for service organizations with the need to deliver consistent reporting worldwide. PwC 2

4 Are there any significant differences between CSAE 3416, the new international standard ISAE 3402, and the new US standard SSAE 16? By aligning with the new SSAE, the CSAE materially aligns with ISAE 3402 in most respects. The CSAE 3416 standard is modeled after the US standard SSAE 16, with a six month lag in effective date. Will the new standard be as widely accepted as the existing Section 5970? As of December 15, 2011, S 5970 will be replaced by CSAE It is expected that all current users and issuers of S 5970 reports will move to CSAE 3416, except in instances where the service organization wants to target a non-canadian audience. In these circumstances, the SSAE 16 or ISAE 3402 may be used. When will the new standards be effective? CSAE 3416 will be effective for service auditor s reports for periods ending on or after December 15, This is six months after the effective date of the International Auditing and Assurance Standards Board s (IAASB) and the AICPA s standard for service auditors (June 15, 2011). Can a single report be issued under more than one standard? Yes it can. The report can be tailored to meet the criteria of multiple standards, with one standard being considered the anchor standard. 3 FAQs on the new Canadian Standard on Assurance Engagements

5 Have significant changes been made to CSAE 3416 that will affect a service auditor s engagement? Will these changes lead to a considerable change in the level of effort and cost to issue a report under the new standard? While the standard does include some new requirements and changes to previous requirements as outlined in S 5970, the change in the level of effort from a service organization s standpoint would depend on how prepared they are. Factors that may affect the level of effort include the service organization s past experience with third-party assurance reporting and the overall strength of the internal controls environment. The level of effort for first time issuers of a third-party assurance report under the new standard will be significantly higher. Please refer to A new level of trust and transparency A perspective on transitioning from Section 5970 to CSAE 3416 for more detail in this area. Can CSAE 3416 be used for reporting on controls over subject matter other than financial reporting? No. While early exposure drafts considered the expansion of scope beyond controls related to financial reporting, later drafts removed this provision. CSAE 3416 (as well as S 5970) does not apply to examinations of controls over subject matter other than financial reporting. These types of engagements would be performed under Section 5025, Standards for Assurance Engagements Other than Audits of Financial Statements and other historical financial information. PwC 4

6 What types of activities can be performed by service organizations to prepare for the move to the new standard? Is early adoption permitted? While it is not expected that many organizations will adopt the new Canadian standard early, we re encouraging organizations to begin aligning their existing reports and supporting processes with the new requirements. If an organization chooses to adopt early, we suggest they reach out to their service auditors to discuss next steps in their transition. Is the existing guidance to assist with the performance of S 5970 engagements being rewritten? When will the new guidance be available? Yes. The existing AICPA guide, which is often used as a reference in Canada (AICPA guide for Service Organizations or SAS 70 guide), is being rewritten to reflect the requirements and guidance in SSAE 16. This revised guide can be consulted when performing CSAE 3416 engagements in the future, and is expected to be available in the second quarter of FAQs on the new Canadian Standard on Assurance Engagements

7 Can service organizations provide a CSAE 3416 service auditor s report on their services to potential customers? No. Given that the nature of services performed by individual service organizations are different, service auditor s reports are designed to only include controls that services organizations feel are relevant to their existing clients (and user auditors). Additionally, any procedures performed by the service auditor (used to formulate their opinion) only relate to the controls that apply to existing customers. As a result, use of a CSAE 3416 report (or S 5970 report) is restricted to existing customers (user entities) of the service organization and their auditors and is not meant to be used for the purpose of marketing to potential customers. Will entities now become certified under CSAE 3416 and similar standards? No. The idea of certifying against CSAE 3416 and S 5970 (and other similar standards) is a popular misconception, since thirdparty assurance reports (including CSAE 3416 and S 5970) are meant primarily for auditor to auditor communication. Neither of these represents a prescriptive framework against which a service provider can be evaluated (unlike certification frameworks such as ISO or PCI). As a result, a service provider cannot be certified as CSAE 3416 compliant. PwC 6

8 Who to call National Controls Leader Arturo Lopez Calgary & Vancouver Justin Abel Edmonton Kishan Dial Montréal Marc Fournier Ottawa Anthony Dias Toronto Peter Hargitai Jennifer Johnson Tony Pedari Johanna Sun Winnipeg Robert Reimer PricewaterhouseCoopers LLP. All rights reserved. In this document, PwC refers to PricewaterhouseCoopers LLP, an Ontario limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity

TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization

TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization November 2011 AICPA Technical Practice Aids TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization.01 New Standards for Service Auditors and User Auditors Inquiry Did the issuance

More information

BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization

BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization August 2010 BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization This Basis for Conclusions has been prepared by staff of the Auditing

More information

Goodbye, SAS 70! Hello, SSAE 16!

Goodbye, SAS 70! Hello, SSAE 16! Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70

More information

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the

More information

Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770

Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770 Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com SAS 70 Background 2 SAS No. 70 Reports on the Processing of Transactions by Service Organizations Independent examination

More information

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards. At a glance While there are some differences, SAS 70 and SSAE 16 are substantially the same. SAS 70 is an audit standard while SSAE 16 is an attest standard. Out with the old SAS 70 and in with the new

More information

The end of SAS70 what next for Performance Assurance?

The end of SAS70 what next for Performance Assurance? Enhancing Trust and Transparency The end of SAS70 what next for Performance Assurance? A perspective on transitioning from SAS 70 to ISAE 3402 pwc Enhancing Trust and Transparency 1 Contents What you need

More information

FAQs New Service Organization Standards and Implementation Guidance

FAQs New Service Organization Standards and Implementation Guidance FAQs New Service Organization Standards and Implementation Guidance During the past two years several significant changes have occurred in audit and attest standards for reporting on controls at service

More information

Assuring success in large business programs Internal audit s role in strategic risk management

Assuring success in large business programs Internal audit s role in strategic risk management The resilience, reputation and value of a company can be positively influenced by successful transformation projects. Assuring success in large business programs Internal audit s role in strategic risk

More information

MHM S PERSPECTIVE: CHANGES COMING TO SAS 70.KNOW THE FACTS

MHM S PERSPECTIVE: CHANGES COMING TO SAS 70.KNOW THE FACTS Mayer Hoffman McCann P.C. An Independent CPA Firm MHM S AUDITING PERSPECTIVE: STANDARD NO. 5 Since its issuance in 1992, the American Institute of Certified Public Accountants (AICPA) Statement on Auditing

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING RESPONSIBILITIES OF THE PRINCIPAL AUDITOR APRIL 7-8, 2010 Introduction

More information

Monitoring Outside Service Providers, Part III: SAS 70 Updates

Monitoring Outside Service Providers, Part III: SAS 70 Updates Monitoring Outside Service Providers, Part III: SAS 70 Updates Richard F. Fischer, CPA Louis Plung & Company, LLP richard.fischer@louisplung.com 412-281-8771 CHANGES TO SAS 70 SERVICE ORGANIZATIONS: Statement

More information

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA/CITP, Partner at RubinBrown, LLP Janis Parthun, CPA/CITP, Sr. Technical Manager

More information

G24 - SAS 70 Practices and Developments Todd Bishop

G24 - SAS 70 Practices and Developments Todd Bishop G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS

More information

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)

More information

Farewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting

Farewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting Farewell to SAS 70 What you need to know about the New Standard for Service Organization Reporting ADVISORY rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative

More information

INTRODUCTION TO ISO 9001 REVISION - COMMITTEE DRAFT

INTRODUCTION TO ISO 9001 REVISION - COMMITTEE DRAFT INTRODUCTION TO ISO 9001 REVISION - COMMITTEE DRAFT AGENDA Introduction Annex SL Changes to ISO 9001 Future Development How SGS can support you 2 INTRODUCTION ISO 9001 Revision Committee Draft Issued 2013

More information

SAMPLE NPO SOCIETY FINANCIAL STATEMENTS. August 31, 2011

SAMPLE NPO SOCIETY FINANCIAL STATEMENTS. August 31, 2011 FINANCIAL STATEMENTS August 31, 2011 INDEX Page Independent Auditor's Report 2 Statement of Operations 3 Statement of Changes in Net Assets 4 Statement of Financial Position 5 Cash Flow Statement 6 Notes

More information

Here comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements?

Here comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements? SAS 70 EVOLUTION: Here comes SSAE 16 PLANNING FOR THE NEW SERVICE ORGANIZATION REPORTING STANDARDS The prevalence of SAS 70 audits has grown dramatically since the standards issuance in April of 1992.

More information

Frequently asked questions: SOC 2 and 3

Frequently asked questions: SOC 2 and 3 1. Is the licensing requirement for a SOC 2 or 3 different than for a SOC 1? SOC reports are attestation reports issued in accordance with AICPA standards. Therefore, licensing requirements are the same

More information

EPCS Third party audits the CPA perspective. 13 September 2012

EPCS Third party audits the CPA perspective. 13 September 2012 EPCS Third party audits the CPA perspective 13 September 2012 Agenda Introduction History Report review Audit process Moving forward Introduction 1311.300 Application provider requirements Third-party

More information

Updating the Benefits of the GST New Housing Rebate

Updating the Benefits of the GST New Housing Rebate Housing Affordability and Choice for Canadians: Building on Success Updating the Benefits of the Introduction: When the Goods and Services Tax (GST) was introduced in 1991, the federal government recognized

More information

ISO 9001 REVISION INTRODUCTION TO ISO 9001: 2015

ISO 9001 REVISION INTRODUCTION TO ISO 9001: 2015 ISO 9001 REVISION INTRODUCTION TO ISO 9001: 2015 AGENDA Introduction Structure and Terminology Changes to ISO 9001 Future Developments How SGS can support you 2 INTRODUCTION ISO/DIS 9001 Issued May 2014

More information

The Directors Cut. The power of data: What directors need to know about Big Data, analytics and the evolution of information. www.pwc.

The Directors Cut. The power of data: What directors need to know about Big Data, analytics and the evolution of information. www.pwc. www.pwc.com/ca/acconnect The Directors Cut The power of data: What directors need to know about Big Data, analytics and the evolution of information December 201 This newsletter is brought to you by PwC

More information

Update on AICPA Assurance Services Executive Committee Activities

Update on AICPA Assurance Services Executive Committee Activities Update on AICPA Assurance Services Executive Committee Activities Amy Pawlicki Director Business Reporting, Assurance & Advisory Services and XBRL AICPA Agenda ASEC overview Summary of work streams by

More information

CSA Position Paper on AICPA Service Organization Control Reports

CSA Position Paper on AICPA Service Organization Control Reports CSA Position Paper on AICPA Service Organization Control Reports February 2013 2013, Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link

More information

Chapter 04. Board of Public Accountancy.

Chapter 04. Board of Public Accountancy. Chapter 04. Board of Public Accountancy. (Words in boldface and underlined indicate language being added; words [CAPITALIZED AND BRACKETED] indicate language being deleted. Complete new sections are not

More information

RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards

RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards May 12, 2003 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C. 20006-2803 RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment

More information

Demographic Overview. Demographic Overview

Demographic Overview. Demographic Overview Demographic Overview Brampton Among Canada s 2 Largest Municipalities Toronto (Ont.) Montréal (Que.) Calgary (Alta.) Ottawa (Ont.) Edmonton (Alta.) Mississauga (Ont.) Winnipeg (Man.) Vancouver (B.C.) Brampton

More information

Re-Settlers: The Secondary Migration of Immigrants Between Canada s Cities Jack Jedwab Executive Director Association for Canadian Studies

Re-Settlers: The Secondary Migration of Immigrants Between Canada s Cities Jack Jedwab Executive Director Association for Canadian Studies Re-Settlers: The Secondary Migration of s Between Canada s Cities Jack Jedwab Executive Director Association for Canadian Studies Immigration is an important source of growth for Canada s cities. s tend

More information

Protecting your brand in the cloud Transparency and trust through enhanced reporting

Protecting your brand in the cloud Transparency and trust through enhanced reporting Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business

More information

Audit, Review, Compilation, and Preparation of Financial Statements

Audit, Review, Compilation, and Preparation of Financial Statements Audit, Review, Compilation, and Preparation of Financial Statements DISCLAIMER: This publication has not been approved, disapproved or otherwise acted upon by any senior technical committees of, and does

More information

Third party assurance services

Third party assurance services TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent

More information

Postmedia Network Canada Corp. Q3 F2015 Investor and Analyst Conference Call July 9, 2015

Postmedia Network Canada Corp. Q3 F2015 Investor and Analyst Conference Call July 9, 2015 Postmedia Network Canada Corp. Q3 F2015 Investor and Analyst Conference Call July 9, 2015 Forward Looking Statements This presentation may include certain information that is forward-looking information

More information

Service Organization Control (SOC) reports What are they?

Service Organization Control (SOC) reports What are they? Service Organization Control (SOC) reports What are they? Jeff Cook, CPA, CITP, CIPT, CISA June 2015 Introduction Service Organization Control (SOC) reports are on the rise in the IT assurance and compliance

More information

Background. Audit Quality and Public Interest vs. Cost

Background. Audit Quality and Public Interest vs. Cost Basis for Conclusions: ISA 600 (Revised and Redrafted), Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Prepared by the Staff of the International

More information

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,

More information

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA, CITP, Partner at RubinBrown, LLP Janis Parthun, CPA, CITP, Sr. Technical Manager

More information

SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports

SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports SAS No. 70, Service Organizations Standard for reporting on a service organization s controls affecting user entities financial statements

More information

PwC. Bill 198 Overview September 2004

PwC. Bill 198 Overview September 2004 PwC Bill 198 Overview September 2004 Agenda Welcome and overview Regulatory environment and background Three rules: 52-109 Strategies for implementing the CEO/CFO certification process 52-110 Requirements

More information

The 21 st Century Version of SAS 70..SSAE 16

The 21 st Century Version of SAS 70..SSAE 16 presents Mastering SAS 70 Audit Reports for Service Organizations Evaluating Internal Controls Issues With Type I and Type II Reports A Live 110-Minute Teleconference/Webinar with Interactive Q&A Today's

More information

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards A Member of OneBeacon Insurance Group SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards Author: Jack Fletcher, Risk Control Technology Specialist Published: November 2014 Executive

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

New Canadian reporting requirements for Canadian private placement sales

New Canadian reporting requirements for Canadian private placement sales April 14 2016 UPDATE New Canadian reporting requirements for Canadian private placement sales Authors: Rob Lando, Lori Stein Posted in Resources > Canadian Legislation & Regulations NEW TRADE REPORT REQUIREMENTS

More information

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of

More information

Communications. How to complete the M&A integration process, minimize disruptions, and achieve desired synergies.* *connectedthinking

Communications. How to complete the M&A integration process, minimize disruptions, and achieve desired synergies.* *connectedthinking Advisory Services Capturing M&A Integration Deal Value Communications How to complete the M&A integration process, minimize disruptions, and achieve desired synergies.* In the flurry of activity that surrounds

More information

Open Government and Information Management. Roy Wiseman Executive Director, MISA/ASIM Canada CIO (Retired), Region of Peel roy.wiseman@outlook.

Open Government and Information Management. Roy Wiseman Executive Director, MISA/ASIM Canada CIO (Retired), Region of Peel roy.wiseman@outlook. Open Government and Information Management Roy Wiseman Executive Director, MISA/ASIM Canada CIO (Retired), Region of Peel roy.wiseman@outlook.com Open Government Defined Government of Canada defines Open

More information

Finance Report: Audited Financial Statements, for the year ended March 31, 2015

Finance Report: Audited Financial Statements, for the year ended March 31, 2015 Finance Report: Audited Financial Statements, for the year ended March 31, 2015 Bob Dillman, Finance & Operations Director Mitchell Cook, Finance & Operations Manager Remembering a Leader Bethany Tory

More information

About the Presenter. Presentation Objectives. SaaS / Cloud Computing Risk Management AICPA Attest Alternatives

About the Presenter. Presentation Objectives. SaaS / Cloud Computing Risk Management AICPA Attest Alternatives SaaS / Cloud Computing Risk Management AICPA Attest Alternatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter

More information

THE CITY OF GREATER SUDBURY COMMUNITY DEVELOPMENT CORPORATION

THE CITY OF GREATER SUDBURY COMMUNITY DEVELOPMENT CORPORATION Financial Statements of THE CITY OF GREATER SUDBURY COMMUNITY DEVELOPMENT CORPORATION Year ended December 31,2011 p-wc June 27, 2012 Independent Auditors Report To the Board of Directors of the City of

More information

Aberdeen City Council IT Governance

Aberdeen City Council IT Governance Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or

More information

YOUR CANADIAN CONNECTION

YOUR CANADIAN CONNECTION YOUR CANADIAN CONNECTION Rogers Carrier Services offers domestic and international wholesale partners a broad range of innovative telecommunications services featuring the performance, scalability and

More information

BC54: Preparing for a SAS 70 Audit

BC54: Preparing for a SAS 70 Audit BC54: Preparing for a SAS 70 Audit Kathleen Lucey Montague Risk Management kalucey@montaguetm.com tel: 1.516.676.9234 1 What is SAS 70? History and Purpose What does it include? Type 1 vs. Type 2 Grades

More information

Questions from GAQC Conference Call The Impact of SAS 112 on Governmental Financial Statement Audits January 4, 2007

Questions from GAQC Conference Call The Impact of SAS 112 on Governmental Financial Statement Audits January 4, 2007 Questions from GAQC Conference Call The Impact of SAS 112 on Governmental Financial Statement Audits January 4, 2007 Preparing Financial Statements Q1. During a recent AICPA Webcast, a panelist indicated

More information

Consultation on the Applicability of IPSASs to Government Business Enterprises and Other Public Entities

Consultation on the Applicability of IPSASs to Government Business Enterprises and Other Public Entities International Public Sector Accounting Standards Board Ms Stephanie Fox IPSASB Technical Director 277 Wellington Street West Toronto, Ontario M5V 3H2 Canada E-mail: stepheniefox@ipsasb.org 23 December

More information

How mature is the internal control framework at your service organisation? ISAE 3402 and SSAE 16: Reinforcing confidence through demonstration of

How mature is the internal control framework at your service organisation? ISAE 3402 and SSAE 16: Reinforcing confidence through demonstration of How mature is the internal control framework at your service organisation? ISAE 3402 and SSAE 16: Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 defined Overview

More information

OUTSOURCING AND SERVICE AUDITOR S REPORTS

OUTSOURCING AND SERVICE AUDITOR S REPORTS OUTSOURCING AND SERVICE AUDITOR S REPORTS FREEDOM TO DO BUSINESS Outsourcing and service Auditor s Reports 3 OUTSOURCING AND SERVICE AUDITOR S REPORTS SERVICE AUDITOR S REPORTS ARE GROWING IN IMPORTANCE,

More information

Fraud Risk Management

Fraud Risk Management RISK CONSULTING Fraud Risk Management A proactive approach to counter the risk of fraud and misconduct kpmg.ca/forensic 2014 KPMG LLP, a Canadian limited liability partnership and a member firm of the

More information

SAS No. 70, Service Organizations

SAS No. 70, Service Organizations SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing

More information

www.pwc.com/ca Forest Management and Chain of Custody Certification November 18, 2014 WPAC 2014 AGM Fibre Supply Chain Certification 101

www.pwc.com/ca Forest Management and Chain of Custody Certification November 18, 2014 WPAC 2014 AGM Fibre Supply Chain Certification 101 www.pwc.com/ca Forest Management and Chain of Custody Certification November 18, 2014 WPAC 2014 AGM Fibre Supply Chain Certification 101 Agenda 1. History of Forest Management Certification and Chain of

More information

ACL ANALYTICS. Installation and Activation Guide

ACL ANALYTICS. Installation and Activation Guide ACL ANALYTICS Installation and Overview... 2 Installation and Licensing... 2 Activation... 2 System Requirements... 2 Installing and Activating ACL Analytics... 3 Step 1: Download and Install ACL Analytics...

More information

The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011

The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 Table of Contents A Short History of SAS 70 Overview of SSAE 16 and ISAE 3402

More information

The Students Union, The University of Calgary. Financial Statements June 30, 2014

The Students Union, The University of Calgary. Financial Statements June 30, 2014 The Students Union, The University of Calgary Financial Statements June 30, November 18, Independent Auditor s Report To the Members of The Students Union, The University of Calgary We have audited the

More information

Canadian Trucking Alliance Electronic Logging Devices (ELDs) The Road Ahead

Canadian Trucking Alliance Electronic Logging Devices (ELDs) The Road Ahead Canadian Trucking Alliance Electronic Logging Devices (ELDs) The Road Ahead October 2015 Workshop Series Vancouver, Calgary, Edmonton, Winnipeg, Halifax, Regina, Toronto Agenda Current Industry Uptake

More information

The Finance & Audit (F&A) Committee is expected to consider F&A Committee Agenda Item 4: at its meeting on December 7, 2015.

The Finance & Audit (F&A) Committee is expected to consider F&A Committee Agenda Item 4: at its meeting on December 7, 2015. The Finance & Audit (F&A) Committee is expected to consider F&A Committee Agenda Item 4: Recommendation regarding Acceptance of 2015 Service Organization Control (SSAE 16) Audit Report at its meeting on

More information

Multiple Auditing Standards and Standard Setting: Implications for Practice and Education

Multiple Auditing Standards and Standard Setting: Implications for Practice and Education Volume 7, Issue 1 2013 Pages C1 C10 American Accounting Association DOI: 10.2308/ciia-50344 COMMENTARY Multiple Auditing Standards and Standard Setting: Implications for Practice and Education Charles

More information

REGIONAL SPOKESPERSON BIOGRAPHIES

REGIONAL SPOKESPERSON BIOGRAPHIES REGIONAL SPOKESPERSON BIOGRAPHIES CONTENTS Robert Nardi, National...1 Duncan Stewart, National...2 Clinton G. McNair, Calgary...3 J. Blair Knippel, Prairie...4 Jamie Barron, Southwestern Ontario...5 Jeffrey

More information

Montreal Quebec Toronto Ottawa Edmonton Philadelphia Denver Tampa. www.legermarketing.com

Montreal Quebec Toronto Ottawa Edmonton Philadelphia Denver Tampa. www.legermarketing.com Montreal Quebec Toronto Ottawa Edmonton Philadelphia Denver Tampa www.legermarketing.com Methodology INSTRUMENT An online survey was conducted between May 10 th and May 13 th, 2010. SCOPE The survey was

More information

Cybersecurity and the AICPA Cybersecurity Attestation Project

Cybersecurity and the AICPA Cybersecurity Attestation Project Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive Director EY Chair AICPA Trust Information Integrity Task Force 2 October 2015 Increasing awareness of cybersecurity

More information

Service Organization Control Reports

Service Organization Control Reports SAS 70 ENDS EXIT TO SSAE 16 Service Organization Control Reports What Did We Learn from Year One? Agenda Definitions Service Organization Reports What are they? Year One Experiences SSAE 16 Year One Experiences

More information

Service Organization Control (SOC) Reports

Service Organization Control (SOC) Reports Service Organization Control (SOC) Reports Transitioning from SAS 70 to SSAE 16 Deloitte & Touche LLP Agenda Overview SAS 70/SSAE 16 Historical Perspective The New Framework Under SSAE 16 (SOC 1) Impact

More information

Shared Service System Audits: What User Management and Auditors Need to Know

Shared Service System Audits: What User Management and Auditors Need to Know Shared Service System Audits: What User Management and Auditors Need to Know JFMIP May 2014 Presented by: Robert Dacey GAO Session Objectives Properly using SSAE 16 service organization audit reports Revisions

More information

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015

10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 10 Considerations for a Cloud Procurement Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 www.lbmctech.com info@lbmctech.com Purpose: Cloud computing provides public sector organizations

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased

More information

CFPB Readiness Series: Compliant Vendor Management Overview

CFPB Readiness Series: Compliant Vendor Management Overview CFPB Readiness Series: Compliant Vendor Management Overview Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must be tailored to the

More information

alternative finance conference

alternative finance conference alternative finance conference accessing Asian capital through dual listings on the Hong Kong Stock Exchange Paul D. Davis, Partner October 4, 2012 McMillan LLP Vancouver Calgary Toronto Ottawa Montréal

More information

Chapter 5. Rules and Policies NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS

Chapter 5. Rules and Policies NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS Chapter 5 Rules and Policies 5.1.1 NI 52-109 Certification of Disclosure in Issuers Annual and Interim Filings TABLE OF CONTENTS NATIONAL INSTRUMENT 52-109 CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL

More information

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP Disclaimer The material appearing in this presentation is for informational purposes only and should not be construed

More information

Oxford City Council Managing Capital Projects

Oxford City Council Managing Capital Projects www.pwc.co.uk Internal Audit Report 2014/2015 August 2015 Oxford City Council Managing Capital Projects Table of Contents 1. Executive Summary... 3 2. Background and scope... 5 3. Detailed findings...

More information

IAASB Main Agenda (June 2010) Agenda Item. April 28, 2009

IAASB Main Agenda (June 2010) Agenda Item. April 28, 2009 Agenda Item 8-B Statement of Position 09-1 April 28, 2009 Performing Agreed-Upon Procedures Engagements That Address the Completeness, Accuracy, or Consistency of XBRL-Tagged Data Issued Under the Authority

More information

The silver lining: Getting value and mitigating risk in cloud computing

The silver lining: Getting value and mitigating risk in cloud computing The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations

More information

FIDUCIARY ADVISORY SERVICES

FIDUCIARY ADVISORY SERVICES FIDUCIARY ADVISORY SERVICES Comprehensive investment oversight for charities and non-profit organizations Boards of Directors have the opportunity to make a difference in how charities fulfill their missions.

More information

October 1, 2015. Ms. Sherry Hazel American Institute of Certified Public Accountants 1211 Avenue of the Americas, 19 th Floor New York, NY 10036-8775

October 1, 2015. Ms. Sherry Hazel American Institute of Certified Public Accountants 1211 Avenue of the Americas, 19 th Floor New York, NY 10036-8775 Deloitte & Touche LLP 695 E Main Street Stamford, CT 06901-2150 Tel: +1 203 761 3000 Fax: +1 203 761 3013 www.deloitte.com October 1, 2015 Ms. Sherry Hazel American Institute of Certified Public Accountants

More information

An Introduction to ISO 22000: Food Safety Management Systems

An Introduction to ISO 22000: Food Safety Management Systems : Food Safety Management Systems Stefan Nygren What is ISO 22000? ISO 22000, Food safety management systems - Requirements for any organization in the food chain, was first published in 2005. The standard

More information

SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report

SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report Presenting a live 110 minute teleconference with interactive Q&A SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report WEDNESDAY,

More information

METANET and Interoute Zurich Data Centre Corporate Security & Risk Group Version 1.0 ; 4 April

METANET and Interoute Zurich Data Centre Corporate Security & Risk Group Version 1.0 ; 4 April Data Centre Quality and Security Enterprise Security Management METANET and Interoute Zurich Data Centre Corporate Security & Risk Group Version 1.0 ; 4 April Corporate Security & Risk Group (CSRG) Interoute

More information

Mining Initial Public Offering Guide. TSX s Global Leadership in Mining. Your lawyer. Your law firm. Your business advisor.

Mining Initial Public Offering Guide. TSX s Global Leadership in Mining. Your lawyer. Your law firm. Your business advisor. Mining TSX s Global Leadership in Mining Your lawyer. Your law firm. Your business advisor. Bennett Jones is widely recognized as the leading Canadian law firm in energy and natural resources. In keeping

More information

Re: Industry Canada Consultation on the Canada Business Corporations Act (the Consultation )

Re: Industry Canada Consultation on the Canada Business Corporations Act (the Consultation ) May 9, 2014 Director General Marketplace Framework Policy Branch Industry Canada 235 Queen Street, 10 th Floor Ottawa, Ontario K1A 0H5 e-mail: cbca-consultations-lcsa@ic.gc.ca Re: Industry Canada Consultation

More information

TransAlta Corporation Energy Trading Compliance Program Assessment

TransAlta Corporation Energy Trading Compliance Program Assessment www.pwc.com/ca Energy Trading Compliance Program Assessment Disclaimer We prepared this report based on information available at the time of its preparation. Our observations and conclusions are based

More information

Auditing CPA EXAM REVIEW V 1.0

Auditing CPA EXAM REVIEW V 1.0 V 1.0 CPA EXAM REVIEW Auditing UPDATES AND ACADEMIC HELP Click on Community and Support at www.becker.com/cpa CUSTOMER SERVICE AND TECHNICAL SUPPORT Call 1.877.CPA. EXAM (Outside the U.S. +1.630.472.2213)

More information

Examination of Construction Management Contract for West Block Rehabilitation Project

Examination of Construction Management Contract for West Block Rehabilitation Project Examination of Construction Management Contract for West Block Rehabilitation Project PCL Invoices #1 to 18 for the period from June 30, 2011 to December 21, 2012 June 18, 2013 To the Parliamentary Precinct

More information

Managing risks in a Salesforce environment

Managing risks in a Salesforce environment Managing risks in a Salesforce environment Managing risks in a Salesforce environment In today s rapidly changing world of business, only companies that understand and anticipate customer needs and consistently

More information

IT Insights. Managing Third Party Technology Risk

IT Insights. Managing Third Party Technology Risk IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate

More information

Quality Management Standard BS EN ISO 9001:2008. www.imsworld.org

Quality Management Standard BS EN ISO 9001:2008. www.imsworld.org Quality Management Standard BS EN ISO 9001:2008 The Origin of Quality Standards Ministry of Defence Marks & Spencer Ford Motor Company All had their own Quality standards, which they expected their suppliers

More information

JLT Mining. The Canadian economy is, in part, driven by a robust and sophisticated Mining Industry.

JLT Mining. The Canadian economy is, in part, driven by a robust and sophisticated Mining Industry. Mining Jardine Lloyd Thompson (JLT) is an international group of Risk Specialists and Employee Benefits Consultants and one of the largest companies of its type in the world. We offer a distinctive choice

More information

Lifting the fog* Accounting for uncertainty in income taxes

Lifting the fog* Accounting for uncertainty in income taxes Lifting the fog* Accounting for uncertainty in income taxes Contents Introduction 01 Identifying uncertain tax positions 02 Recognizing uncertain tax positions 03 Measuring the tax benefit 04 Disclosures

More information

K-W YMCA Endowment Foundation. Financial Statements December 31, 2014

K-W YMCA Endowment Foundation. Financial Statements December 31, 2014 K-W YMCA Endowment Foundation Financial Statements December 31, April 14, 2015 Independent Auditor s Report To the Members of K-W YMCA Endowment Foundation We have audited the accompanying financial statements

More information

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016 Understanding SOC Reports for Effective Vendor Management Jason T. Clinton January 26, 2016 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2012 Wolf & Company, P.C. Before we

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information