Role is Broader and More Strategic
- Loreen Dean
- 8 years ago
1 Internal Control Transformation: IC's Role is Broader and More Strategic. CACUBO Winter Workshop
2 Introduction Cindy Berg Director McGladrey LLP 201 N Harrison Street Davenport, Iowa cindy.berg@mcgladrey.com Phone:
3 Agenda: Introduction; Areas sensitive to fraud; Internal control strategies; SOC reports; Questions
4 Objectives: Build awareness of areas at risk for potential fraud; Internal control strategies specific to higher education; Basic knowledge of SOC reports and their role in your internal control system
5 COSO Internal control components: Control Environment; Risk Assessment; Control Activities; Information and Communication; Monitoring Activities. Check out and whitepaper at ownloadabledocuments/coso/coso- 2012_Whitepaper.pdf
6 Purpose of internal control. Helps you be more successful by: - Preventing or detecting errors - Preventing or identifying fraud. Impact of fraud can be felt through: Lost funds; Harm to the Institution's reputation; Lower employee morale. Stakeholders expect organizations to safeguard resources entrusted to them.
7 Risk Assessment. Principle 8: The organization considers the potential for fraud in assessing risk to the achievement of objectives. - Various ways fraud can occur - Risk factors - Incentives and pressures - Opportunities - Attitudes and rationalizations. From Exposure Draft of Internal Control Integrated Framework issued December 2011 by COSO
8 Fraud triangle [Figure: Fraud Risk triangle with corners Incentive/Pressure, Opportunity, Attitude/Rationalization]
9 Areas where greater risk for fraud: Cash disbursements, especially Procurement cards (P-Cards); Payroll; Cash receipts (usually at remote or branch locations); Student financial aid; Ticketing venues; Travel reimbursements
10 War stories: P-Cards - Charging personal items to P-Cards and supervisor reviewing P.O.s or statements not reviewing closely (or delegating the review); Expenses/reimbursements - rubber stamp for approval or inappropriate person approving; Federal student loans - Financial aid director certifying loans to herself, getting disbursement and then dropping class; Payroll - payroll clerk changing her tax withholding and replacing the page of the payroll register her information was on
11 War stories (continued): Work study funds - Borrowing funds from students in exchange for stipends through work study; Travel reimbursements - Advancement personnel charging for trips to see potential donor but not actually meeting with donors; Tickets at athletic events - Pocketing cash at the gate if no ticket system - Scalping tickets; Branch location accepting credit cards - applying credits to employee's personal credit card
12 Internal control strategies: Getting the Governing Board/Audit Committee and senior management on board - Tone set - Whistleblower policy; Risk assessment; Putting controls in place - Policies to establish what is expected and put procedures in place - Segregation of duties (or if not possible, then mitigating controls); Revising controls for changes in the environment or people
13 Internal control strategies: Monitoring controls for effectiveness - Accountability for those in review positions; Keeping that skepticism - Periodic training for those in review positions. REMEMBER: None of your department heads graduated with a degree in how to be a good department head (OK maybe your business school folks came close)
14 Client Community College. Financial Reporting History (June 2006): - State Auditors for 40 years since inception - 40 years of clean reports - 40 years of no constructive comments - Audit focused on Iowa Code compliance - Exec Director of Finance 30+ years. Changes/Recommendations: - New VP CFO/COO June 2006; Business vs Education mindset; SEC and Sarbanes Oxley trained - Replaced Exec Director of Finance June Changed external auditors June 2009 Restated 2008 financial statements
15 Client Community College. Changes/Recommendations (continued): - Changed silo finance structure to cross functional - Evaluated each staff position; Created new job descriptions; Cross training; Of 23 finance staff in 2006, only 3 remain; Current staff size 21 - More skilled - Higher paid - Created Board Audit Committee - Centralized vs Decentralized functions - Restructured chart of accounts
16 SOC reports: What are they? Service Organization Controls (SOC) reports (formerly known as SAS 70 reports). A service auditor may be engaged to examine and report on controls at a service organization related to various types of subject matter such as: - controls that affect user entities' financial reporting - controls that affect the privacy of information processed for user entities' customers. SOC 1: Statements on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, establishes the requirements and guidance for a CPA (service auditor) examining and reporting on a service organization's description of its system and its controls that are likely to be relevant to user entities' internal control over financial reporting.
17 SOC reports: What are they? SOC 2: An examination engagement to report on controls at a service organization intended to mitigate risks related to security, availability, processing integrity, confidentiality, or privacy (trust services principles). - AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, establishes guidance. SOC 3: TSP Section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy provides criteria for evaluating and reporting on controls related to security, availability, processing integrity, confidentiality, and privacy. In the examination report included in TSP Section 100, the auditor expresses an opinion on whether the service organization maintained effective controls over its system, based on the criteria in TSP Section 100 that are applicable to the principle(s).
18 SOC reports: What are they? Although SOC 2 and SOC 3 reports address similar subject matter and use the same criteria in TSP Section 100, a SOC 2 report differs from a SOC 3 report in that a SOC 2 report provides report users with the following report components that are not included in a SOC 3 report: - a description of the service organization's system prepared by management of the service organization, - a description of the service auditor's tests of the operating effectiveness of the service organization's controls and the results of those tests, and - in a type 2 report that addresses the privacy principle, a description of the service auditor's tests of the service organization's compliance with the commitments in its statement of privacy practices and the results of those tests.
19 What is the subject matter of the engagement? SOC 1: Controls at a service organization relevant to user entities' internal control over financial reporting. SOC 2: Controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. If the report addresses the privacy principle, the service organization's compliance with the commitments in its statement of privacy practices. SOC 3: Controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. If the report addresses the privacy principle, the service organization's compliance with the commitments in its statement of privacy practices.
20 What is the purpose of the report? SOC 1: To provide information to management and the auditor of a user entity about controls at a service organization that may be relevant to a user entity's internal control over financial reporting. SOC 2: To provide management of a service organization, user entities and other specified parties with information and a CPA's opinion about controls at the service organization that may affect user entities' security, availability, processing integrity, confidentiality or privacy. SOC 3: To provide interested parties with a CPA's opinion about controls at the service organization that may affect user entities' security, availability, processing integrity, confidentiality, or privacy.
21 Who are the intended users of the report? SOC 1: Auditors of the user entity's financial statements, management of the user entities, and management of the service organization. SOC 2: Parties that are knowledgeable about: the nature of the service provided by the service organization; how the service org's system interacts with user entities, subservice organizations, and others; internal control and its limitations; the criteria and how controls address those criteria. SOC 3: Anyone. Tables from
22 SOC reports: why you should care? Service organizations are part of your internal control system; Problems in their organization can lead to problems with their services to your organization; Compliance related findings in their organization can be compliance findings for your organization
23 SOC reports: how you should be using them. Obtaining reports and reading them for exceptions, qualified opinion, etc.; Determine impact of any exceptions or qualifications on your organization; Consider the impact to your internal control system; If considering a new service organization, make the SOC reports part of your due diligence
24 Conclusion: Tone at the top matters: more what you do than what you say; Internal control is an ever-changing subject: new processes mean the need for new controls - COSO framework is being updated to keep it relevant in the current business world; In an electronic environment reviews are extremely important; Do your department heads know what to be looking for?
25 Questions??
26 For additional information contact: Cindy Berg, Director, McGladrey LLP, 201 N Harrison St., Suite 300, Davenport, Iowa cindy.berg@mcgladrey.com Direct For more information on McGladrey's Education practice visit
27 McGladrey LLP is the U.S. member of the RSM International ("RSMI") network of independent accounting, tax and consulting firms. The member firms of RSMI collaborate to provide services to global clients, but are separate and distinct legal entities which cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. McGladrey, the McGladrey signature, The McGladrey Classic logo, The power of being understood, Power comes from being understood and Experience the power of being understood are trademarks of McGladrey LLP. McGladrey LLP 201 North Harrison St, Suite 300 Davenport, Iowa
More informationWorking With Your Auditor
Working With Your Auditor Internal controls are used to ensure that financial statements are accurate and the plan is being operated effectively, efficiently and in compliance with laws and regulations.
More informationFINANCIAL MANAGEMENT POLICIES AND PROCEDURES
FINANCIAL MANAGEMENT POLICIES AND PROCEDURES SAMPLE 1. GENERAL PURPOSE The purpose of these policies is to establish guidelines for developing financial goals and objectives, making financial decisions,
More informationIdentifying loan process enhancements to contain costs and enhance revenue
Identifying loan process enhancements to contain costs and enhance revenue Prepared by: Linda Mackey Krygier, Director, McGladrey LLP 415.848.5354, linda.mackey@mcgladrey.com December 2012 With the slow
More informationImplementing Internal Controls over Executive Compensation Creating a Sustainable Compensation Control Environment
NASPP Implementing Internal Controls over Executive Compensation Creating a Sustainable Compensation Control Environment Michael S. Kesner, Principal Sustainable Compensation Control Environment Tone At
More informationSOC Readiness Assessments. SOC Report - Type 1. SOC Report - Type 2. Building Trust and Confidence in Third-Party Relationships
Building Trust and Confidence in Third-Party Relationships Today s businesses rely heavily on outsourcing certain business tasks or functions to service organizations, even those that are core to their
More informationLeveraging Your ERP System to Enhance Internal Controls
July 2015 Leveraging Your ERP System to Enhance Internal Controls Public Sector Entities By Melinda J. DeCorte, CPA, CFE, CGFM, and Jeanne M. Owings, Principal Audit Tax Advisory Risk Performance Even
More informationInternal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned
Internal Controls over Financial Reporting Integrating in Business Processes & Key Lessons learned Introduction Stephen McIntyre, CA, CPA (Illinois) Senior Manager at Ernst & Young in the Risk Advisory
More informationSSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch
SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,
More informationSOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
More informationStrengthening Business Practices:
Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services and Control Office of the President November 2011 Control Environment Agenda
More informationFraud Issues in Local Government
Fraud Issues in Local Government CMTA Annual Conference April 24, 2009 Justin Williams, CPA, CVA Fraud Triangle In normal circumstances, all three factors must be present Pressures Opportunity Rationalization
More informationUnderstanding SAS 70 Reports on Internal Control
Understanding SAS 70 Reports on Internal Control PwC Agenda Internal Control Reporting: A Focus on SAS 70 Trends affecting internal control reporting Discussion points for Mutual Fund Directors with management
More informationMelissa M. Wolf, CPA (570) 820.0186 Melissa.Wolf@ParenteBeard.com. Employee Benefit Plan Auditing and Regulatory Update 2012
Melissa M. Wolf, CPA (570) 820.0186 Melissa.Wolf@ParenteBeard.com Employee Benefit Plan Auditing and Regulatory Update 2012 Agenda ASU 2010-06 SOC1 (Formerly SAS 70), SOC2 and SOC3 Department of Labor
More informationEPCS Third party audits the CPA perspective. 13 September 2012
EPCS Third party audits the CPA perspective 13 September 2012 Agenda Introduction History Report review Audit process Moving forward Introduction 1311.300 Application provider requirements Third-party
More informationMAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations
MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS Nick Harrahill PayPal Global Security Operations AGENDA Inception of an engagement The legal agreement Assessing the risk Customer call
More informationInternal Controls over Cash for Small Nonprofits
Internal Controls over Cash for Small Nonprofits Internal controls may be a sensitive issue in small nonprofit organizations. These organizations are built on the concepts of honesty, truthfulness, and
More informationINTERNAL CONTROL POLICIES
INTERNAL CONTROL POLICIES 2701 Internal Control Policy 2701.1 Addendum Internal Control Standard #1 Payments Cycle 2701.2 Addendum Internal Control Standard #2 Conversion Cycle 2701.3 Addendum Internal
More informationRECKENEN FOCUS ON SAS 70 & SSAE 16
RECKENEN FOCUS ON SAS 70 & SSAE 16 Hassan Sultan, CPA Managing Director 3001 Park Center Drive Suite 1000 Alexandria, VA 22302 Phone (703) 249 4509 Email hsultan@reckenen.com SAS 70 & SSAE 16 Overview
More informationBaker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Agenda 1) A brief perspective on where SOC 3 originated
More informationPrüfung von Outsourcing mit SAS70
Prüfung von Outsourcing mit SAS70 AGENDA Historical flashback Reasons for the standard Major contents Potential areas of SAS 70 application Audit approach and Responsibility Client and Service Provider
More information