OUTSOURCING AND SERVICE AUDITOR S REPORTS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "OUTSOURCING AND SERVICE AUDITOR S REPORTS"

Transcription

1 OUTSOURCING AND SERVICE AUDITOR S REPORTS FREEDOM TO DO BUSINESS

2

3 Outsourcing and service Auditor s Reports 3 OUTSOURCING AND SERVICE AUDITOR S REPORTS SERVICE AUDITOR S REPORTS ARE GROWING IN IMPORTANCE, BUT WITH TECHNICAL TERMINOLOGY AND STRINGENT REQUIREMENTS, THEY CAN BE CONFUSING. BDO RISK ADVISORY SERVICES HAS PUT TOGETHER THIS GUIDE TO HELP YOU UNDERSTAND SERVICE AUDITOR S REPORTS AND ASSIST IN MATCHING THE NEEDS OF SERVICE ORGANIZATIONS. MORE KNOWLEDGE FOR YOU AND YOUR AUDITORS Our Service Auditor s Reports will give your clients and their auditors an in-depth understanding of the internal controls within the Service Organization. OUTSOURCING Internal controls are one of the core competencies of Service Organizations and external providers. Entrusting the effectiveness of a company s system of internal controls to an external service provider offers several benefits. By outsourcing certain functions, organizations can benefit from a much broader range of skill sets and access to specialty services that bring best practice knowledge to the client company and achieve economies of scale and economic efficiencies. An outsourced function generally has a broader perspective and is able to provide benchmarks that are not otherwise available in-house. Outsourcing firms have experience with many systems and situations and are able to provide more precise metrics. Outsourcing also allows management to stay focused on core business operations, rather than worry about managing and maintaining certain non-core business processes. Outsourcing can however, substantially increase the risk for an organization if the outsourcing relationship and the appropriate internal controls are not managed appropriately.

4 4 Outsourcing and service Auditor s Reports WHAT IS A SERVICE AUDITOR S REPORT? Service Auditor s Reports are designed to provide information and assurance about controls within a Service Organization to User Organizations (clients) and their auditors. The audit of a Service Auditor s Report is conducted in accordance with the standards issued by the International Federation of Accountants (IFAC). ISAE 3402 include the professional standards used by a Service Auditor to report on the processing of transactions by a Service Organization for use by management, clients, and other auditors. The Value of a Service Auditor s Report Service Auditor s Reports are primarily used by the Service Organization, their clients and the client s auditors. The client s auditors can use the report to gain an understanding of the internal controls in operation at the Service Organization. Depending on the type of report, the client s auditors may be able to consider the Service Organization s internal controls in planning and executing their internal audit plans. MORE TIME, LESS FEES With our Service Auditor s Reports, your exposure to client on-site auditors can be eliminated. The Service Auditor s Report may also be used by current clients, prospective clients, stakeholders and other interested parties to gain an understanding of the internal control environment of the Service Organization. A Service Auditor s Report will provide many benefits to the Service Organization and here are the main reasons for getting one: The business model of a Service Organization is to have multiple clients. If the activities outsourced are material, some or all of the client s auditors will visit the Service Organization. A properly developed Service Auditor s Report will minimize the need to deal with client auditors, which can be a very intrusive experience. Also the Service Auditor s Report can reduce client audit fees, and the cost of the process is normally passed to the client through service charges. A Service Auditor s Report can assist the Service Organization in demonstrating that they have processes and procedures in place to ensure that the services being outsourced are managed properly. This can be a key factor in obtaining new business. Most request for proposals nowadays require a Service Auditor s Report from the Service Organization. The current environment of compliance and governance for public companies, under the influence of Sarbanes Oxley and Code Tabaksblatt, requires that any outsourced services are managed effectively with the proper internal controls in place. The Service Auditor s Report is a vehicle by which the arrangement will be managed. The report has become mandatory for any material outsourcing arrangement if the User Organization is a public company, regardless of whether or not the Service Organization is a private company. Many organizations choose to focus on their core activities and are therefore outsourcing those activities which do not belong to the core activities. Because outsourcing doesn t relieve an User Organization of the responsibility over the outsourced activities, User Organizations want to keep control on these activities. They often rely on Service Level Agreements and Service Level Reports. A Service Auditor s Report can give more certainty and provide an objective and independent view whether the Service Organization is compliant with these Agreements. Additionally Service Auditor s Reports can be useful for the chartered accountant or regulatory authorities. The process of obtaining a Service Auditor s Report is also a very effective way of identifying efficiency issues as well as duplication of controls.

5 Outsourcing and service Auditor s Reports 5 BENEFITS OF A SERVICE AUDITOR S REPORT Satisfy client audit requirements Compliance with regulatory requirements Satisfy contract and service level agreement requirements Documentation and testing of internal control structure Streamline business process and controls Type 1 versus Type 2 A Type 1 report is a report on the controls placed in operation as at a specific date. A Type 2 report is a report on the controls placed in operation and tests of the operational effectiveness of controls during a specified period of time. The period of time for a Type 2 report is generally 6 months or 1 year. Since the Type 2 report is an extension of the Type 1 report, if you chose to do a Type 1 report and opted to switch to Type 2, the difference is the application of tests of the operational effectiveness of specific controls for the audit period. Some clients have opted for a Type 1 report for the first year and a Type 2 report in subsequent years. This has the advantage of allowing you to review and improve your controls before undergoing the testing in the Type 2 report. Service Auditor s Report Contents A Service Auditor s Report typically includes several sections. For type 1: I The service organization s description of its system; II A written assertion by the service organization that, in all material respects, and based on suitable criteria: a The description fairly presents the service organization s system as designed and implemented as at the specified date; b The controls related to the control objectives stated in the service organization s description of its system were suitably designed as at the specified date; and III A service auditor s assurance report that conveys reasonable assurance about the matters in (II)a-b above. For type 2: I The service organization s description of its system; II A written assertion by the service organization that, in all material respects, and based on suitable criteria: a The description fairly presents the service organization s system as designed and implemented throughout the specified period; b The controls related to the control objectives stated in the service organization s description of its system were suitably designed throughout the specified period; and c The controls related to the control objectives stated in the service organization s description of its system operated effectively throughout the specified period; and III A service auditor s assurance report that: a Conveys reasonable assurance about the matters in (II)a-c above; and b Includes a description of the tests of controls and the results thereof. The Service Organization is responsible for documenting: The service organization s description of its system; A written assertion by the service organization that, in all material respects, and based on suitable criteria: 1 The description fairly presents the service organization s system as designed and implemented throughout the specified period; 2 The controls related to the control objectives stated in the service organization s description of its system were suitably designed throughout the specified period; and 3 The controls related to the control objectives stated in the service organization s description of its system operated effectively throughout the specified period. The Service Auditor is responsible for: An opinion as to whether the Service Organization s description of its controls presents fairly those controls that have been placed in operation as of the end of the reporting period; An opinion as to whether the service organization has identified the risks that threaten achievement of the control objectives stated in the description of its system; and whether the controls identified in that description would, if operated as described, provide reasonable assurance that those risks do not prevent the stated control objectives from being achieved; Other information the Service Auditor may provide.

6 6 Outsourcing and service Auditor s Reports For a Type 2 Report An opinion that the controls that were tested are operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved for the audit period; Determining which controls are, in his or her judgment necessary to achieve the control objectives and the nature, timing, and extent of the tests of the selected controls; A description of the tests of operational effectiveness of controls and the results of those tests. BDO S APPROACH & FRAMEWORK BDO s approach to a Service Auditor s Report engagement includes providing a team of professionals who specialize in internal controls and technology risk and security. We believe this provides your organization with the highest quality and cost effective Service Auditor s Report. The Solution Our approach has always been to develop a unique solution for each client. Readiness Assessment A readiness assessment is an evaluation of client readiness in relation to a successful Type 1 or Type 2 Service Auditor s Report audit. This assessment will also determine the needs of the client and the road map to achieving a successful project. This type of engagement will answer the following type of questions: Does the client need a Service Auditor s Report? What are the major stumbling blocks to achieving a successful Service Auditor s Report? What are the costs of such an engagement and how can these costs be minimized? What other alternatives does the client have? When is the earliest that a Service Auditor s Report could be successfully executed? Who will draft the control objectives, control descriptions and other aspects of the report? Best practices Specified Audit Procedures Periodically the execution of a specified procedures report can be a less costly alternative. This report provides third party verification or comfort that procedures or processes at the organization are working as intended. The scope of these engagements can be limited. To achieve this, the engagement will focus on key risks or processes and might not cover all concerns of existing or potential clients as would a Service Auditor s Report. Type 1 or Type 2 Service Auditor s Report As outlined earlier, this provides an independent verification, either at a specific point in time or over a period of time, that internal controls are in place to achieve specific objectives. An Independent Review of Internal Controls This review is conducted in accordance with international standards set by IFAC and the Institute of Internal Auditors (IIA). This provides management with an assessment of the design and operational effectiveness of controls in meeting operating, reporting and compliance objectives set by the organization. SERVICE AUDITOR S REPORT TERMINOLOGY User Organization An entity that has engaged a Service Organization for a Service User Auditor The auditor who reports on the financial statements of the User Organization Service Organization An entity that provides services to a User Organization ISAE 3402 International Standard on Assurance Engagements number 3402 is an international accepted audit standard from the International Federation of Accountants (IFAC). The format of the report is fixed and gives detailed information about the internal controls. Service Auditor The auditor who reports on and tests the controls of a Service Organization Service Auditor s Report An independent report issued by a Service Auditor over the internal controls of a Service Organization TPM (Third Party Announcement) The format of a third party announcement is not prescribed like a SAS 70 report Third Party Certification Procedure by which a third party (independent Auditor) gives written assurance that a product, process or service conforms to specified requirements over a period in time.

7 Outsourcing and service Auditor s Reports 7 THE AUDIT PROCESS The general steps within a Service Auditor s Report process follows the traditional audit approach but may differ based on the Service Organization s current control environment. A typical engagement would include: 1 Consulting with management and involved parties to gain an understanding of the Service Organization s business processes, risks, control environment and control components. SUPPORTIVE IT STRATEGIES At BDO, you can rely on professionals who understand the information technology risks and rewards and understand the alignment of IT with business objectives. 2 Providing guidance to management on the adequacy of their risk assessment, control objectives and controls as it relates to their environments and their respective industries prior to testing. 3 Performing on-site testing at various points in time during the reporting period to determine the effectiveness of the controls placed in operation and the operational effectiveness of the controls for Type 2 reports. Testing typically includes inquiry, inspection of documents and records, and observation of activities. The extent of testing will vary depending on the scope of the report (including Type and the period covered). 4 Preparing a draft report to be reviewed by the Service Organization for accuracy and completeness of the details. 5 Delivering a management letter to senior management for any control deficiencies uncovered during the course of the audit. 6 Issuing the Service Auditor s Report in hardcopy and electronic format.

8 8 Outsourcing and service Auditor s Reports AUDIT FRAMEWORK With our experience in preparing Service Auditor s Reports, we have developed an efficient approach that reduces your time commitment. You receive a complete Service Auditor s Report that covers the requirements of your clients, their auditors, and other regulatory bodies. We can also provide you with observations to improve your internal controls and operational efficiencies. The following is the framework and approach followed by BDO in completing Service Auditor s Report engagements: BDO ADVANTAGE Boutique-level responsiveness We tailor our approach not just our deliverables Pragmatic methodology Our customized, flexible methodology enables us to step in at any stage Experienced professionals Our team includes experienced professional staff with a balanced mix of CA firm, IT and industry experience CA firm perspective As a Public Accountant, we have a deep understanding and sensitivity to your external auditor s requirements

9 Outsourcing and service Auditor s Reports 9 FREQUENTLY ASKED QUESTIONS What is Sarbanes-Oxley 404 and how does it relate to ISAE 3402 Reporting? In July 2002, the United States Congress passed the Sarbanes-Oxley Act ( the Act ) into law. The Act calls for the formation of a Public Company Accounting Oversight Board (PCAOB) and specifies several requirements that include management s annual assertion that internal controls over financial reporting are effective (Section 404). In the case of Section 404, the independent auditor of the organization is required to opine on management s assertion over internal control in addition to the auditor s opinion on the fair presentation of the organization s financial statements. REGISTERED TO SERVE YOU Public accountants like BDOs must register with the Autoriteit Financiële Markten (AFM) and the International Federation of Accountants (IFAC). Registered EDP Auditors from BDO are subject to the boards regulations and must submit to their inspection rules. In addition, they are registered with the NOREA (professional association for IT auditors in the Netherlands) and must comply with the NOREA Code of Ethics. In order for management to make its annual attestation on the effectiveness of its internal control, management is required to document and evaluate all controls. Management will look to the Service Organization for information on the design and operational effectiveness of its controls if the organization uses the service provider to process transactions, host data, or other significant services. Management can obtain a Service Auditor s Report from the Service Organization to gain an understanding of the Service Organization s controls and effectiveness of those controls and derive the required assurance. Who can perform a Service Auditor s Reports? Service Auditor s Reports can only be performed by independent registered auditors. Professional audit firms that issue Service Auditor s Reports must adhere to specific professional standards established by the IFAC or the American Institute of Certified Public Accountants (AICPA). Firms are required to follow specific guidance related to planning, execution, and supervision of the audit procedures. In addition, firms are required to undergo a peer review to ensure that the firm s audits are conducted in accordance with generally accepted auditing standards. Is there a list of standard risks, control objectives and controls? Since Service Organizations are responsible for assessing their risks, defining their control objectives and describing their controls, there is no published list of standard control objectives and controls. Generally, the control objectives are specific to the Service Organization and their customers. A Service Organization may consult with their Service Auditor for guidance on the control objectives. What are Type 1 and Type 2 ISAE 3402 audit differences? Type 1 ISAE 3402 audits opine on controls that are in place as of a date in time. The opinion deals with the fairness of presentation of the controls and the design of the controls in terms of their ability to meet defined control objectives. In addition, the auditor assesses whether the service organization has identified the risks that threaten achievement of the control objectives stated in the description of its system. Since these reports only provide assurance over a single day, they are of limited value to third parties. Type 2 ISAE 3402 audits opine on controls that were in place over a period of time, which is typically a period of six months or more. The opinion deals with the fairness of presentation of the controls, the design of the controls with regard to their ability to meet defined control objectives, and the operational effectiveness of those controls over the defined period. Third parties are better able to rely on these reports because a verification is provided regarding these matters for a substantial period of time.

10 8 Outsourcing and service Auditor s Reports Does the entire organization have to be audited? No. The Service Auditor s Report is risk based and should focus on the control environment surrounding the services provided to customers. The Service Auditor s Report can be customized to specifically identify the applicable data centers, operating environments and applications that are covered in the audit. An organization may have many business units while only one may process transactions or provide data processing services for its customers. How are Service Auditor s Reports generally distributed? The result of an ISAE 3402 audit engagement is the issuance of a Service Auditor s Report. The Service Auditor s Report will then be provided to the Service Organization for distribution to their respective customers (User Organizations), User Auditors and other parties. The Service Auditor s Report is usually distributed via hard copy or electronically. Choose a partner who sees things differently. MORE INFORMATION As part of our value-added service, BDO offers a complimentary needs and requirements assessment. This provides you with an opportunity to identify and review your risk advisory requirements with our team of professionals. BDO Audit & Assurance B.V. Central Office phone +31(0)88 BDO IT AC ( ) CALL US, SEE WHAT WE CAN DO We encourage you to contact us to learn more about our services and to meet our team. BDO Profile 27 offices in the Netherlands BDO Member Firms have more than 1,000 offices in over 100 countries 5th largest accounting and advisory network worldwide

11

12 Colophon This publication has been carefully prepared, but it has been written in general terms and should be seen as broad guidance only. The publication cannot be relied upon to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact BDO Audit & Assurance B.V. or BDO Risk Advisory Services to discuss these matters in the context of your particular circumstances. BDO Audit & Assurance B.V. or BDO Risk Advisory Services, its partners, employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this publication or for any decision based on it. BDO is a registered trademark owned by Stichting BDO, a foundation established under Dutch law, having its registered office in Amsterdam (the Netherlands). In this publication BDO is used to indicate the organisation which provides professional services in the field of accountancy, tax and consultancy under the name BDO. BDO Risk Advisory Services is a registered trade name owned by BDO Consultants B.V. in Eindhoven, The Netherlands. BDO Audit & Assurance B.V. and BDO Consultants B.V. are members of BDO International Ltd, a UK company limited by guarantee, and forms part of the worldwide network of independent legal entities, each of which provides professional services under the name BDO. BDO is the brand name for the BDO network and for each of the BDO Member Firms. 04/ IT1101

NEW REGULATIONS FOR DUTCH PUBLIC INTEREST ENTITIES How will they affect your company?

NEW REGULATIONS FOR DUTCH PUBLIC INTEREST ENTITIES How will they affect your company? NEW REGULATIONS FOR DUTCH PUBLIC INTEREST ENTITIES How will they affect your company? Because people matter. New regulations for Dutch public interest entities 3 Introduction of new regulations On 11

More information

Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770

Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770 Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com SAS 70 Background 2 SAS No. 70 Reports on the Processing of Transactions by Service Organizations Independent examination

More information

Here comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements?

Here comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements? SAS 70 EVOLUTION: Here comes SSAE 16 PLANNING FOR THE NEW SERVICE ORGANIZATION REPORTING STANDARDS The prevalence of SAS 70 audits has grown dramatically since the standards issuance in April of 1992.

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the Standards Internal auditing is conducted in diverse legal and cultural environments; for organizations

More information

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS (ISAE) 3402 ASSURANCE REPORTS ON CONTROLS AT A SERVICE ORGANIZATION

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS (ISAE) 3402 ASSURANCE REPORTS ON CONTROLS AT A SERVICE ORGANIZATION INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS (ISAE) 3402 ASSURANCE REPORTS ON CONTROLS AT A SERVICE ORGANIZATION (Effective for service auditors assurance reports covering periods ending on or after

More information

The end of SAS70 what next for Performance Assurance?

The end of SAS70 what next for Performance Assurance? Enhancing Trust and Transparency The end of SAS70 what next for Performance Assurance? A perspective on transitioning from SAS 70 to ISAE 3402 pwc Enhancing Trust and Transparency 1 Contents What you need

More information

How quality assurance reviews can strengthen the strategic value of internal auditing*

How quality assurance reviews can strengthen the strategic value of internal auditing* How quality assurance reviews can strengthen the strategic value of internal auditing* PwC Advisory Internal Audit Table of Contents Situation Pg. 02 In response to an increased focus on effective governance,

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Revised: October 2012 i Table of contents Attribute Standards... 3 1000 Purpose, Authority, and Responsibility...

More information

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING BROKER-DEALER AUDIT CONSIDERATIONS JULY 15, 2010 Introduction

More information

G24 - SAS 70 Practices and Developments Todd Bishop

G24 - SAS 70 Practices and Developments Todd Bishop G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS

More information

DECIDING WHAT MATTERS

DECIDING WHAT MATTERS DECIDING WHAT MATTERS The BDO Code of Ethics Because people matter. DECIDING WHAT MATTERS The BDO Code of Ethics BECAUSE PEOPLE MATTER. Integrity and social responsibility are essential principles in today

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.

At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards. At a glance While there are some differences, SAS 70 and SSAE 16 are substantially the same. SAS 70 is an audit standard while SSAE 16 is an attest standard. Out with the old SAS 70 and in with the new

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers

Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

International Standards for the Professional Practice of Internal Auditing INTRODUCTION ATTRIBUTE STANDARDS

International Standards for the Professional Practice of Internal Auditing INTRODUCTION ATTRIBUTE STANDARDS INTRODUCTION Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives

More information

MARLIN MIDSTREAM GP, LLC AUDIT COMMITTEE CHARTER

MARLIN MIDSTREAM GP, LLC AUDIT COMMITTEE CHARTER MARLIN MIDSTREAM GP, LLC AUDIT COMMITTEE CHARTER Purpose The Audit Committee (the Committee ) is appointed by the Board of Directors ( Board ) of Marlin Midstream GP, LLC (the Company ), which is the general

More information

Guide to Internal Control Over Financial Reporting

Guide to Internal Control Over Financial Reporting Guide to Internal Control Over Financial Reporting The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting ( ICFR ).

More information

Frequently asked questions: SOC 2 and 3

Frequently asked questions: SOC 2 and 3 1. Is the licensing requirement for a SOC 2 or 3 different than for a SOC 1? SOC reports are attestation reports issued in accordance with AICPA standards. Therefore, licensing requirements are the same

More information

ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls

ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls ISAE 3402 and SSAE 16 defined Overview of service organisation control reports Service organisation

More information

Reporting on Controls at a Service Organization

Reporting on Controls at a Service Organization Reporting on Controls at a Service Organization 1529 AT Section 801 Reporting on Controls at a Service Organization (Supersedes the guidance for service auditors in Statement on Auditing Standards No.

More information

Singapore Standard on Assurance Engagements Assurance Reports on Controls at a Service Organization

Singapore Standard on Assurance Engagements Assurance Reports on Controls at a Service Organization SINGAPORE STANDARD ON ASSURANCE ENGAGEMENTS SSAE 3402 Singapore Standard on Assurance Engagements Assurance Reports on Controls at a Service Organization Conforming Amendments Preface to the Singapore

More information

Reports on Service Organizations Where we ve been?

Reports on Service Organizations Where we ve been? Reports on Service Organizations Where we ve been? What s changing? How does this impact Internal Audit? Eric Wright Shareholder Frank Dezort Senior Manager Schneider Downs & Co., Inc. May 2, 2011 Overview

More information

Practice Guide. Reliance by Internal Audit on Other Assurance Providers

Practice Guide. Reliance by Internal Audit on Other Assurance Providers Practice Guide Reliance by Internal Audit on Other Assurance Providers DECEMBER 2011 Table of Contents Executive Summary... 1 Introduction... 1 Principles for Relying on the Work of Internal or External

More information

Internal Audit Publication Date: September Legislation Guidance Internal audit function... 3

Internal Audit Publication Date: September Legislation Guidance Internal audit function... 3 INTERNAL AUDIT Contents 1. Legislation... 2 2. Guidance... 3 2.1 Internal audit function... 3 2.2 Outsourcing and sharing arrangements... 5 2.3 Relationship with the auditor... 5 2.4 Internal audit charter...

More information

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS

CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION FORMULATION PROCESS A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 5 PROFESSIONAL AUDITING STANDARDS AND THE AUDIT OPINION

More information

GAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office

GAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office GAO United States Government Accountability Office By the Comptroller General of the United States December 2011 Government Auditing Standards 2011 Revision GAO-12-331G GAO United States Government Accountability

More information

Auditing Standard 5- Effective and Efficient SOX Compliance

Auditing Standard 5- Effective and Efficient SOX Compliance Auditing Standard 5- Effective and Efficient SOX Compliance September 6, 2007 Presented to: The Dallas Chapter of the Institute of Internal Auditors These slides are incomplete without the benefit of the

More information

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 402 AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANIZATION CONTENTS

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 402 AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANIZATION CONTENTS INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 402 AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANIZATION (Effective for audits of financial statements for periods ending on or after

More information

Navigating the Standards for Information Technology Controls

Navigating the Standards for Information Technology Controls Navigating the Standards for Information Technology Controls By Joseph B. O Donnell and Yigal Rechtman JULY 2005 - Pervasive use of computers, along with recent legislation such as the Sarbanes- Oxley

More information

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards Administrative Guidelines on the Internal Control Framework and Internal Audit Standards GCF/B.09/18 18 February 2015 Meeting of the Board 24 26 March 2015 Songdo, Republic of Korea Agenda item 24 Page

More information

The Framework for Quality Assurance

The Framework for Quality Assurance Chapter 1 The Framework for Quality Assurance O v e rv i e w One of internal audit s major assets is its credibility with stakeholders. To provide credible assistance and constructive challenge to management,

More information

Oceaneering International, Inc. Audit Committee Charter

Oceaneering International, Inc. Audit Committee Charter Oceaneering International, Inc. Audit Committee Charter Purpose The Audit Committee of the Board of Directors (the Committee ) is appointed by the Board of Directors (the Board ) to assist the Board in

More information

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter Purpose The Audit Committee is appointed by the Board of Directors (the Board ) of Sears Hometown and Outlet Stores,

More information

Guide to Public Company Auditing

Guide to Public Company Auditing Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues

More information

THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT

THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT White Paper www.a3freightpayment.com THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT Introduction An essential element

More information

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE CHARTERED INSTITUTE OF INTERNAL AUDIT DEFINITION OF INTERNAL AUDIT Internal auditing is an independent, objective assurance and consulting activity designed

More information

SA 600 USING THE WORK OF ANOTHER AUDITOR (EFFECTIVE FOR ALL AUDITS RELATING TO

SA 600 USING THE WORK OF ANOTHER AUDITOR (EFFECTIVE FOR ALL AUDITS RELATING TO I.460 Auditing and Assurance SA 600 USING THE WORK OF ANOTHER AUDITOR (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS BEGINNING ON OR AFTER APRIL 1, 2002) Introduction 1. The Standard on Auditing

More information

SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors

SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors Purpose The purpose of the Audit Committee established by this charter will be to make such examinations as are necessary

More information

GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V.

GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V. GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V. GENERAL TERMS AND CONDITIONS BDO Accountants & Belastingadviseurs B.V. 2 BDO Accountants & Belastingadviseurs B.V. also acts under

More information

STAFF QUESTIONS AND ANSWERS

STAFF QUESTIONS AND ANSWERS STAFF QUESTIONS AND ANSWERS APPLYING ISQC 1 PROPORTIONATELY WITH THE NATURE AND SIZE OF A FIRM This Questions & Answers (Q&A) publication is issued by staff of the International Auditing and Assurance

More information

Compliance Risk Management IT Governance Assurance

Compliance Risk Management IT Governance Assurance Compliance Risk Management IT Governance Assurance Sigma Technology Partners offers its clients number of assurance services including SAS 70 Type I and SAS 70 Type II audits. Our team of CPA s, CISA s

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

International Standards for the Professional Practice of Internal Auditing

International Standards for the Professional Practice of Internal Auditing International Standards for the Professional Practice of Internal Auditing Introduction Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve

More information

Fundamental Principles of Public-Sector Auditing

Fundamental Principles of Public-Sector Auditing ISSAI 100 The International Standards of Supreme Audit Institutions, or ISSAIs, are issued by INTOSAI, the International Organisation of Supreme Audit Institutions. For more information visit www.issai.org

More information

Internal Audit Charters

Internal Audit Charters Internal Audit Charters Part of a series of notes to help Centers review their own internal management processes from the point of view of managing risks and promoting good governance and value for money,

More information

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER Audit Committee Charter AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER Audit Committee Purpose The Audit Committee ( Committee ) is appointed by the Board of Directors of AmTrust Financial Services,

More information

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,

More information

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised) IFAC Board Exposure Draft August 2012 Comments due: December 11, 2012 Proposed International Education Standard (IES) 8 Professional Development for Engagement Partners Responsible for Audits of Financial

More information

Internal Audit Standards

Internal Audit Standards Internal Audit Standards Department of Public Expenditure & Reform November 2012 Copyright in material supplied by third parties remains with the authors. This includes: - the Definition of Internal Auditing

More information

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015 Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015 1. Purposes. The primary purposes of the Audit Committee

More information

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING (Effective for audits of financial statements for periods beginning on or after December 15, 2005. The Appendix contains

More information

Adding value to your ship management business. Shipping & Transport PRECISE. PROVEN. PERFORMANCE.

Adding value to your ship management business. Shipping & Transport PRECISE. PROVEN. PERFORMANCE. Adding value to your ship management business Shipping & Transport PRECISE. PROVEN. PERFORMANCE. 2 Shipping & Transport Adding value to your ship management business The management of risk and implementation

More information

A Sarbanes-Oxley Roadmap to Business Continuity

A Sarbanes-Oxley Roadmap to Business Continuity A Sarbanes-Oxley Roadmap to Business Continuity NEDRIX Conference June 23, 2004 Dr. Eric Schmidt eschmidt@controlsolutions.com Control Solutions International TECHNOLOGY ADVISORY, ASSURANCE & RISK MANAGEMENT

More information

Content. About GFPAA IFRS Implementation ISA Implementation Proposed Regulation Future prospects Annex Translated IFRS and ISA by GFPAA

Content. About GFPAA IFRS Implementation ISA Implementation Proposed Regulation Future prospects Annex Translated IFRS and ISA by GFPAA IFRS IMPLEMENTATION IN POST SOVIET COUNTRIES: THE GEORGIAN EXPERIENCE May 19, 2011 Zurab Lalazashvili, GPFAA Chairman Content About GFPAA IFRS Implementation ISA Implementation Proposed Regulation Future

More information

BCAS Accounting and Auditing Committee November 23, 2007 Presented by: Nandita Parekh

BCAS Accounting and Auditing Committee November 23, 2007 Presented by: Nandita Parekh Standards on Internal Audit BCAS Accounting and Auditing Committee November 23, 2007 Presented by: Nandita Parekh Agenda Preface to Standards on Internal Auditing SIA 1 Planning an Internal Audit SIA 2

More information

RECKENEN FOCUS ON SAS 70 & SSAE 16

RECKENEN FOCUS ON SAS 70 & SSAE 16 RECKENEN FOCUS ON SAS 70 & SSAE 16 Hassan Sultan, CPA Managing Director 3001 Park Center Drive Suite 1000 Alexandria, VA 22302 Phone (703) 249 4509 Email hsultan@reckenen.com SAS 70 & SSAE 16 Overview

More information

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE COMMITTEE OF SPONSORING ORGANIZATIONS (COSO) 2013 The Committee of Sponsoring Organizations (COSO) Internal Controls Integrated Framework,

More information

AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER. Adopted June 25, 2015

AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER. Adopted June 25, 2015 AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER Adopted June 25, 2015 I. General Statement of Purpose The purposes of the Audit Committee of the Board of Directors (the Audit Committee ) of Amplify

More information

Background. Audit Quality and Public Interest vs. Cost

Background. Audit Quality and Public Interest vs. Cost Basis for Conclusions: ISA 600 (Revised and Redrafted), Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Prepared by the Staff of the International

More information

BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization

BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization August 2010 BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization This Basis for Conclusions has been prepared by staff of the Auditing

More information

Ipswich Building Society

Ipswich Building Society Ipswich Building Society Internal Audit Charter Approved by Audit and Compliance Committee on 22 October 2015 1. Mission 1. Mission The primary role of Internal Audit is to help protect the assets, reputation

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

Farewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting

Farewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting Farewell to SAS 70 What you need to know about the New Standard for Service Organization Reporting ADVISORY rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative

More information

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards A Member of OneBeacon Insurance Group SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards Author: Jack Fletcher, Risk Control Technology Specialist Published: November 2014 Executive

More information

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE As amended, restated, and approved by the Boards of Directors on July 28, 2015 This Charter sets

More information

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued

More information

Practice guide. quality assurance and IMProVeMeNt PrograM

Practice guide. quality assurance and IMProVeMeNt PrograM Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...

More information

ISRE 2400 (Revised), Engagements to Review Historical Financial Statements

ISRE 2400 (Revised), Engagements to Review Historical Financial Statements International Auditing and Assurance Standards Board Exposure Draft January 2011 Comments requested by May 20, 2011 Proposed International Standard on Review Engagements ISRE 2400 (Revised), Engagements

More information

Addressing Disclosures in the Audit of Financial Statements

Addressing Disclosures in the Audit of Financial Statements Exposure Draft May 2014 Comments due: September 11, 2014 Proposed Changes to the International Standards on Auditing (ISAs) Addressing Disclosures in the Audit of Financial Statements This Exposure Draft

More information

Risk & Assurance. Tailored to your needs. Internal audit solutions

Risk & Assurance. Tailored to your needs. Internal audit solutions Risk & Assurance Tailored to your needs Internal audit solutions Internal audit solutions The need for internal audit has never been as urgent as it is today. Unmanaged risks can literally cause the demise

More information

Credit Unions RISK ADVISORY SERVICES. Enterprise Risk Management, Internal Audit and Complex Accounting Services

Credit Unions RISK ADVISORY SERVICES. Enterprise Risk Management, Internal Audit and Complex Accounting Services Credit Unions RISK ADVISORY SERVICES Enterprise Risk Management, Internal Audit and Complex Accounting Services Credit unions care about personal service. So do we. How BDO works with credit unions Credit

More information

SAS No. 70, Service Organizations

SAS No. 70, Service Organizations SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing

More information

WIX.COM LTD. (THE COMPANY ) AUDIT COMMITTEE CHARTER

WIX.COM LTD. (THE COMPANY ) AUDIT COMMITTEE CHARTER WIX.COM LTD. (THE COMPANY ) AUDIT COMMITTEE CHARTER The Board of Directors (the Board ) of the Company has constituted and established an Audit Committee (the Committee ) with the authority, responsibility

More information

W. R. GRACE & CO. AUDIT COMMITTEE CHARTER

W. R. GRACE & CO. AUDIT COMMITTEE CHARTER W. R. GRACE & CO. AUDIT COMMITTEE CHARTER I. Purpose. The purpose of the Audit Committee is to assist the Board of Directors in overseeing (1) the integrity of the Company s financial statements, (2) the

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING PANEL DISCUSSION FORENSIC AUDIT PROCEDURES FEBRUARY 22, 2007

More information

Change to the Definition of Engagement Team in the Code of Ethics for Professional Accountants

Change to the Definition of Engagement Team in the Code of Ethics for Professional Accountants IFAC Board Basis for Conclusions Exposure Draft Prepared by the Staff of the IESBA October 2011 March 2013 Comments due: February 29, 2012 International Ethics Standards Board for Accountants Change to

More information

Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers

Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye

More information

SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report

SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report Presenting a live 110 minute teleconference with interactive Q&A SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report WEDNESDAY,

More information

Board of the Centre. Plan for the audit of the 2015 Financial Statements FOR INFORMATION FORTH ITEM ON THE AGENDA

Board of the Centre. Plan for the audit of the 2015 Financial Statements FOR INFORMATION FORTH ITEM ON THE AGENDA INTERNATIONAL TRAINING CENTRE OF THE ILO Board of the Centre 78th Session, Turin, 29-30 October 2015 CC 78/4/3 FOR INFORMATION FORTH ITEM ON THE AGENDA Plan for the audit of the 2015 Financial Statements

More information

APES 320 Quality Control for Firms

APES 320 Quality Control for Firms APES 320 Quality Control for Firms APES 320 Quality Control for Firms is based on International Standard on Quality Control (ISQC 1) (as published in the Handbook of International Auditing, Assurance,

More information

Understanding Vendor Risk And Analyzing the SSAE No. 16

Understanding Vendor Risk And Analyzing the SSAE No. 16 Understanding Vendor Risk And Analyzing the SSAE No. 16 Accelerate your Credit Union s Performance June 19, 2014 AUSTIN, TEXAS www.cuaccelerator.com Agenda Vendor Management Key Outsourcing Risk Areas

More information

Competence Requirements for Audit Professionals

Competence Requirements for Audit Professionals Education Committee Exposure Draft April 2005 Comments are requested by July 15, 2005 Proposed International Education Standard for Professional Accountants Competence Requirements for Audit Professionals

More information

Inspection of Chang G Park (Headquartered in San Diego, California) Public Company Accounting Oversight Board

Inspection of Chang G Park (Headquartered in San Diego, California) Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, DC 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8433 www.pcaobus.org Inspection of Chang G Park (Headquartered in San Diego, California) Issued by the Public Company

More information

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition 1. FPO Guide to the Sarbanes-Oxley Act: IT Risks and Controls Second Edition Table of Contents Introduction... 1 Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley...

More information

Internal Audit and Advisory Services DRAFT

Internal Audit and Advisory Services DRAFT Internal Audit and Advisory Services DRAFT PAGE(S) Message from the Internal Audit and Advisory Services...1-2 Internal Audit and Advisory Services Plan...3-5 Objectives...6-7 Risk Assessment Process...8

More information

Internal Control over Financial Reporting Guidance for Smaller Public Companies

Internal Control over Financial Reporting Guidance for Smaller Public Companies Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked Questions Internal Control over Financial Reporting Guidance for Smaller Public Companies Frequently Asked

More information

GAO. Government Auditing Standards: Implementation Tool

GAO. Government Auditing Standards: Implementation Tool United States Government Accountability Office GAO By the Comptroller General of the United States December 2007 Government Auditing Standards: Implementation Tool Professional Requirements Tool for Use

More information

Assessing the Adequacy and Effectiveness of a Fund s Compliance Policies and Procedures. December 2005

Assessing the Adequacy and Effectiveness of a Fund s Compliance Policies and Procedures. December 2005 Assessing the Adequacy and Effectiveness of a Fund s Compliance Policies and Procedures December 2005 Copyright 2005 Investment Company Institute. All rights reserved. Information may be abridged and therefore

More information

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER I. PURPOSE The Audit and Finance Committee (the Committee ) of Keysight Technologies, Inc. (the Company ) is appointed by the Board of Directors

More information

SYNACOR, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER. As adopted by the Board of Directors on November 16, 2011

SYNACOR, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER. As adopted by the Board of Directors on November 16, 2011 SYNACOR, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER As adopted by the Board of Directors on November 16, 2011 PURPOSE: This Charter sets forth the composition, authority and responsibilities of

More information

ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information International Auditing and Assurance Standards Board Exposure Draft April 2011 Comments requested by September 1, 2011 Proposed International Standard on Assurance Engagements (ISAE) ISAE 3000 (Revised),

More information

Working with CPAs As part of your team of professionals that you work with to help you improve your business, a CPA is a valuable resource for you and your business. It is important to know how someone

More information

PROPOSED CLARIFIED INTERNATIONAL STANDARD ON QUALITY CONTROL (UK AND IRELAND) 1

PROPOSED CLARIFIED INTERNATIONAL STANDARD ON QUALITY CONTROL (UK AND IRELAND) 1 PROPOSED CLARIFIED INTERNATIONAL STANDARD ON QUALITY CONTROL (UK AND IRELAND) 1 QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES

More information

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions

Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Industry Sound Practices for Financial and Accounting Controls at Financial Institutions Federal Reserve Bank of New York January 2006 FINANCIAL AND ACCOUNTING CONTROLS: INDUSTRY SOUND PRACTICES FOR FINANCIAL

More information

Compliance Risk Management IT Governance Assurance

Compliance Risk Management IT Governance Assurance Compliance Risk Management IT Governance Assurance Sigma Technology Partners offers its clients number of Assurance services including SSAE-16 (Former SAS -70) Type I and Type II reporting. Our team of

More information

BDO S CLOUD ACCOUNTING SOLUTIONS Another helping hand to grow your business START

BDO S CLOUD ACCOUNTING SOLUTIONS Another helping hand to grow your business START BDO S CLOUD ACCOUNTING SOLUTIONS Another helping hand to grow your business START WHY MOVE TO THE CLOUD? MANAGE CASH FLOW Cloud accounting lets you focus on the big picture and have more time to plan future

More information

Changes in the Auditor s Report A fundamental shift

Changes in the Auditor s Report A fundamental shift Changes in the Auditor s Report A fundamental shift 16 March 2016 Arslan Khalid Institute of Chartered Accountants of Pakistan Contents Background - Why change the auditor s report What is changing - New

More information