Monitoring Outside Service Providers, Part III: SAS 70 Updates
|
|
|
- Janis Powell
- 8 years ago
- Views:
Transcription
1 Monitoring Outside Service Providers, Part III: SAS 70 Updates Richard F. Fischer, CPA Louis Plung & Company, LLP
2 CHANGES TO SAS 70 SERVICE ORGANIZATIONS: Statement on Auditing Standards (SAS) 70 Service Organizations Previously included guidance on Auditor s consideration of service organizations in connection with a financial statement audit, and Guidance on the examination of financial controls at a service organization.
3 Statement on Auditing Standards (SAS) 70 Service Organizations Previously misused to cover controls that were unrelated to financial reporting. Previously misused as a marketing tool service organizations were marketing their systems as SAS 70 certified or SAS 70 compliant.
4 SAS 70 Mismarketing Until July, NetSuite, one of the largest and most successful financial SaaS providers, said on its Website that its SAS 70 certification meant that it had been through a rigorous audit of its control over information technology and all related processes, that customer data was always backed up and safely stored, and that it provided reliable service now and in the future. CFO.com The Truth About SAS 70, David McCann, September 1, 2010
5 Changes to SAS Redrafted the SAS 70 guidance for user auditors 2. Replaced guidance on the examination of financial controls at a service organization with Statement on Standards for Attestation Engagement (SSAE) 16, Reporting on Controls at a Service Organization - effective for periods ending on or after June 15, Early implementation permitted.
6 Changes to SAS Guidance was issued to clarify that reports addressing controls unrelated to financial reporting fall under AT Section 101, Attestation Engagements. 4. AICPA issued new guidance in the form of Service Organization Control Reports (SOCs).
7 Changes to SAS 70 New for SSAE 16 Clarified scope Only applicable to address internal controls over the user entities financial reporting. The service auditor is required to identify tests performed by the internal auditors and the service auditor s procedures with respect to their work.
8 Changes to SAS 70 New for SSAE 16 Service auditor is now required to obtain a written assertion from management of the service organization about the fairness of the presentation of its description of the service organization s system and about the suitability of the design. ARA Service Organizations: New Reporting Options 2010/11
9 Changes to SAS 70 New for SSAE 16 New management assertion will either accompany the service auditor s report or be included in the description of the service organization s system. ARA Service Organizations: New Reporting Options 2010/11 The service auditor can no longer rely on work in prior periods to reduce testing in the current period.
10 Changes to SAS 70 New for SSAE 16 In a Type 2 Report, the opinion on the description and suitability of the design of the controls now covers a period of time (same period as the tests of the operating effectiveness of the controls).
11 Service Organization Control Reports Reference materials uditing/resources/soc/pages/sorhome.aspx Video explaining changes GAUDITING/Pages/ServiceOrganizationControlRep orts.aspx
12 Conclusion User controls include the controls at the Plan that ensure that the information transmitted to the service organization is accurate, and/or verify the accuracy or reasonableness of the processing at the service organization. An SOC #1 report is an important part of monitoring a service organization. Other SOC reports may be important to evaluating the quality of the service organization s operations.
13 Questions? Richard F. Fischer, CPA Louis Plung & Company, LLP Four Gateway Center, 9 th Floor Pittsburgh, PA richard.fischer@louisplung.com
SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports
SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports SAS No. 70, Service Organizations Standard for reporting on a service organization s controls affecting user entities financial statements
SAS No. 70, Service Organizations
SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing
SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards
A Member of OneBeacon Insurance Group SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards Author: Jack Fletcher, Risk Control Technology Specialist Published: November 2014 Executive
G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP
G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the
Here comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements?
SAS 70 EVOLUTION: Here comes SSAE 16 PLANNING FOR THE NEW SERVICE ORGANIZATION REPORTING STANDARDS The prevalence of SAS 70 audits has grown dramatically since the standards issuance in April of 1992.
The silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
Service Organization Control (SOC) Reports
Service Organization Control (SOC) Reports Transitioning from SAS 70 to SSAE 16 Deloitte & Touche LLP Agenda Overview SAS 70/SSAE 16 Historical Perspective The New Framework Under SSAE 16 (SOC 1) Impact
Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com. Visit us on the web: www.fdcpa.com Or Call: 888-875-9770
Feeley & Driscoll, P.C. Certified Public Accountants / Business Consultants www.fdcpa.com SAS 70 Background 2 SAS No. 70 Reports on the Processing of Transactions by Service Organizations Independent examination
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Agenda 1) A brief perspective on where SOC 3 originated
CSA Position Paper on AICPA Service Organization Control Reports
CSA Position Paper on AICPA Service Organization Control Reports February 2013 2013, Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link
FAQs New Service Organization Standards and Implementation Guidance
FAQs New Service Organization Standards and Implementation Guidance During the past two years several significant changes have occurred in audit and attest standards for reporting on controls at service
The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011
The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 Table of Contents A Short History of SAS 70 Overview of SSAE 16 and ISAE 3402
Understanding Vendor Risk And Analyzing the SSAE No. 16
Understanding Vendor Risk And Analyzing the SSAE No. 16 Accelerate your Credit Union s Performance June 19, 2014 AUSTIN, TEXAS www.cuaccelerator.com Agenda Vendor Management Key Outsourcing Risk Areas
THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT
THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT White Paper www.a3freightpayment.com THE ROLE OF AN SOC 1 REPORT (formerly SAS 70) IN FREIGHT PAYMENT Introduction An essential element
At a glance. A provision to require a written assertion from company management is the most notable difference between the two standards.
At a glance While there are some differences, SAS 70 and SSAE 16 are substantially the same. SAS 70 is an audit standard while SSAE 16 is an attest standard. Out with the old SAS 70 and in with the new
The end of SAS70 what next for Performance Assurance?
Enhancing Trust and Transparency The end of SAS70 what next for Performance Assurance? A perspective on transitioning from SAS 70 to ISAE 3402 pwc Enhancing Trust and Transparency 1 Contents What you need
SECTION I INDEPENDENT SERVICE AUDITOR S REPORT
SOC2 Security Report on Controls Supporting DriveSavers Services Independent Service Auditor s Report on Design of Controls Placed in Operation and Tests of Operational Effectiveness Relevant to Security
Service Organization Control Reports
SAS 70 ENDS EXIT TO SSAE 16 Service Organization Control Reports What Did We Learn from Year One? Agenda Definitions Service Organization Reports What are they? Year One Experiences SSAE 16 Year One Experiences
Service Organization Control (SOC) reports What are they?
Service Organization Control (SOC) reports What are they? Jeff Cook, CPA, CITP, CIPT, CISA June 2015 Introduction Service Organization Control (SOC) reports are on the rise in the IT assurance and compliance
Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report
Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA, CITP, Partner at RubinBrown, LLP Janis Parthun, CPA, CITP, Sr. Technical Manager
Cybersecurity and the AICPA Cybersecurity Attestation Project
Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive Director EY Chair AICPA Trust Information Integrity Task Force 2 October 2015 Increasing awareness of cybersecurity
TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization
November 2011 AICPA Technical Practice Aids TIS Section 9520, SSAE No. 16, Reporting on Controls at a Service Organization.01 New Standards for Service Auditors and User Auditors Inquiry Did the issuance
WELCOME TO SECURE360 2013
WELCOME TO SECURE360 2013 Don t forget to pick up your Certificate of Attendance at the end of each day. Please complete the Session Survey front and back, and leave it on your seat. Are you tweeting?
Reports on Service Organizations Where we ve been?
Reports on Service Organizations Where we ve been? What s changing? How does this impact Internal Audit? Eric Wright Shareholder Frank Dezort Senior Manager Schneider Downs & Co., Inc. May 2, 2011 Overview
Goodbye, SAS 70! Hello, SSAE 16!
Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70
SOC Readiness Assessments. SOC Report - Type 1. SOC Report - Type 2. Building Trust and Confidence in Third-Party Relationships
Building Trust and Confidence in Third-Party Relationships Today s businesses rely heavily on outsourcing certain business tasks or functions to service organizations, even those that are core to their
Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report
Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA/CITP, Partner at RubinBrown, LLP Janis Parthun, CPA/CITP, Sr. Technical Manager
Clever Security Overview
Clever Security Overview Clever Security White Paper Contents 3 Introduction Software Security 3 Transport Layer Security 3 Authenticated API Calls 3 Secure OAuth 2.0 Bearer Tokens 4 Third Party Penetration
Information for Management of a Service Organization
Information for Management of a Service Organization Copyright 2011 American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure
MHM S PERSPECTIVE: CHANGES COMING TO SAS 70.KNOW THE FACTS
Mayer Hoffman McCann P.C. An Independent CPA Firm MHM S AUDITING PERSPECTIVE: STANDARD NO. 5 Since its issuance in 1992, the American Institute of Certified Public Accountants (AICPA) Statement on Auditing
EPCS Third party audits the CPA perspective. 13 September 2012
EPCS Third party audits the CPA perspective 13 September 2012 Agenda Introduction History Report review Audit process Moving forward Introduction 1311.300 Application provider requirements Third-party
The 21 st Century Version of SAS 70..SSAE 16
presents Mastering SAS 70 Audit Reports for Service Organizations Evaluating Internal Controls Issues With Type I and Type II Reports A Live 110-Minute Teleconference/Webinar with Interactive Q&A Today's
Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security
Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)
SECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
End of the SAS 70 Era
End of the SAS 70 Era For years businesses that outsource have relied on SAS 70 reports on the internal controls of third party providers. The standard for those reports is changing. New Standards Replacing
SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch
SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,
3.B METHODOLOGY SERVICE PROVIDER
3.B METHODOLOGY SERVICE PROVIDER Approximately four years ago, the American Institute of Certified Public Accountants (AICPA) issued Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting
Prüfung von Outsourcing mit SAS70
Prüfung von Outsourcing mit SAS70 AGENDA Historical flashback Reasons for the standard Major contents Potential areas of SAS 70 application Audit approach and Responsibility Client and Service Provider
Shared Service System Audits: What User Management and Auditors Need to Know
Shared Service System Audits: What User Management and Auditors Need to Know JFMIP May 2014 Presented by: Robert Dacey GAO Session Objectives Properly using SSAE 16 service organization audit reports Revisions
SSAE 16 SOC 1 Type 2
SSAE 16 SOC 1 Type 2 Independent Service Auditor s Report on Management s Description of a Service Organization s System and the Suitability of the Design and Operating Effectiveness of Controls September
Update on AICPA Assurance Services Executive Committee Activities
Update on AICPA Assurance Services Executive Committee Activities Amy Pawlicki Director Business Reporting, Assurance & Advisory Services and XBRL AICPA Agenda ASEC overview Summary of work streams by
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
Farewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting
Farewell to SAS 70 What you need to know about the New Standard for Service Organization Reporting ADVISORY rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative
RECKENEN FOCUS ON SAS 70 & SSAE 16
RECKENEN FOCUS ON SAS 70 & SSAE 16 Hassan Sultan, CPA Managing Director 3001 Park Center Drive Suite 1000 Alexandria, VA 22302 Phone (703) 249 4509 Email hsultan@reckenen.com SAS 70 & SSAE 16 Overview
Cloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
SOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2014 through September 30, 2015 Independent SOC 3 Report for the Security and Availability Trust
SSAE 16 Everything You Wanted To Know But Are Afraid To Ask. Kurt Hagerman CISA, CISSP, QSA Managing Director, Coalfire December 8, 2011
SSAE 16 Everything You Wanted To Know But Are Afraid To Ask Kurt Hagerman CISA, CISSP, QSA Managing Director, Coalfire December 8, 2011 1 Agenda SAS 70 Misunderstood and Overused o Why the change? SSAE
Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security
Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security For the Period January 1, 2015 through June 30, 2015 SOC 3 SM SOC 3 is a service
Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016
Understanding SOC Reports for Effective Vendor Management Jason T. Clinton January 26, 2016 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2012 Wolf & Company, P.C. Before we
GUIDELINES FOR AUDITS OF COUNTY AND CITY HOSPITALS BY INDEPENDENT CERTIFIED PUBLIC ACCOUNTING FIRMS
GUIDELINES FOR AUDITS OF COUNTY AND CITY HOSPITALS BY INDEPENDENT CERTIFIED PUBLIC ACCOUNTING FIRMS ISSUED JUNE 2002 INTRODUCTION On March 21, 2002, Public Law 91, 2002 amended IC 16-22-3-12 to allow county
Role is Broader and More Strategic
Internal Control Transformation IC s Role is Broader and More Strategic CACUBO Winter Workshop - 2013 Introduction Cindy Berg Director McGladrey LLP 201 N Harrison Street Davenport, Iowa 52801 cindy.berg@mcgladrey.com
Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers
Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye
IT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
HIPAA Compliance and Reporting Requirements
Healthcare IT Assurance Peace of Mind Through Privacy and Security Risk Management By Dan Schroeder, CPA, MBA, CISA, CIA, PCI QSA, CISM, CIPP/US Dan.schroeder@hawcpa.com BRIEF CONTENTS HCIT IMPROVES THE
WRITTEN TESTIMONY OF AICPA EMPLOYEE BENEFIT PLAN AUDIT QUALITY CENTER EXECUTIVE COMMITTEE
WRITTEN TESTIMONY OF AICPA EMPLOYEE BENEFIT PLAN AUDIT QUALITY CENTER EXECUTIVE COMMITTEE BEFORE THE ERISA ADVISORY COUNCIL REGARDING OUTSOURCING EMPLOYEE BENEFIT PLAN SERVICES AUGUST 19, 2014 The Employee
Arizona University System Year Ended June 30, 2014
A REPORT TO THE ARIZONA LEGISLATURE Financial Audit Division System Debra K. Davenport Auditor General The Auditor General is appointed by the Joint Legislative Audit Committee, a bipartisan committee
The Finance & Audit (F&A) Committee is expected to consider F&A Committee Agenda Item 4: at its meeting on December 7, 2015.
The Finance & Audit (F&A) Committee is expected to consider F&A Committee Agenda Item 4: Recommendation regarding Acceptance of 2015 Service Organization Control (SSAE 16) Audit Report at its meeting on
Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
A Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS
CLOUD COMPUTING for Construction Accounting BY BRIAN J. THOMAS Copyright 2012 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits.
Frequently asked questions: SOC 2 and 3
1. Is the licensing requirement for a SOC 2 or 3 different than for a SOC 1? SOC reports are attestation reports issued in accordance with AICPA standards. Therefore, licensing requirements are the same
Third-Party Risk Management: Busting Myths and Telling Truths
Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com
October 1, 2015. Ms. Sherry Hazel American Institute of Certified Public Accountants 1211 Avenue of the Americas, 19 th Floor New York, NY 10036-8775
Deloitte & Touche LLP 695 E Main Street Stamford, CT 06901-2150 Tel: +1 203 761 3000 Fax: +1 203 761 3013 www.deloitte.com October 1, 2015 Ms. Sherry Hazel American Institute of Certified Public Accountants
BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization
August 2010 BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization This Basis for Conclusions has been prepared by staff of the Auditing
GAO. Government Auditing Standards. 2011 Revision. By the Comptroller General of the United States. United States Government Accountability Office
GAO United States Government Accountability Office By the Comptroller General of the United States December 2011 Government Auditing Standards 2011 Revision GAO-12-331G GAO United States Government Accountability
Guide to Understanding SAS 70 Reports
Guide to Understanding SAS 70 Reports Authors: Norm Parkerson, Business Advisory Services Executive Director and Brett Williams, Business Advisory Services Partner In today s global economy, service organizations
Navigating the transition to CSAE 3416
www.pwc.com/ca/controls Navigating the transition to CSAE 3416 FAQs on the new Canadian Standard on Assurance Engagements In response to changes in third-party assurance standards in both the US and internationally,
SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report
Presenting a live 110 minute teleconference with interactive Q&A SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report WEDNESDAY,
PAYMENTS FOR SPECIFIED ENERGY PROPERTY IN LIEU OF TAX CREDITS INDEPENDENT ACCOUNTANT REQUIREMENTS
9/24/09 PAYMENTS FOR SPECIFIED ENERGY PROPERTY IN LIEU OF TAX CREDITS INDEPENDENT ACCOUNTANT REQUIREMENTS Applicants requesting payments of $ 1 Million or more for a specified property shall submit an
GAO. Government Auditing Standards: Implementation Tool
United States Government Accountability Office GAO By the Comptroller General of the United States December 2007 Government Auditing Standards: Implementation Tool Professional Requirements Tool for Use
An accounting method, procedure, or system designed to promote efficiency, assure the implementation of policy, safeguard assets, and discover and avoid fraud or error. Allows the plan administrator to
Third Party Verification Letters
Third Party Verification Letters Increasingly, CPAs are receiving requests from clients, lenders, loan brokers, health insurance providers, adoption agencies, regulators and various other agencies to confirm
Limited Scope Audits Of Employee Benefit Plans
Limited Scope Audits Of Employee Benefit Plans May 2009 Topix Primer Series Introduction The AICPA Employee Benefit Plan Audit Quality Center has developed this primer to provide a general understanding
Protecting your brand in the cloud Transparency and trust through enhanced reporting
Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business
Software as a Service Architecture Overview
Software as a Service Architecture Overview Table of Contents... 3 Client Requirements... 4 SaaS Certifications... 4 Availability and Fail Over... 4 PeopleFluent. All other brand and product names are
Sage Nonprofit Online and Sage Virtual Services. Frequently Asked Questions
Sage Nonprofit Online and Sage Virtual Services Frequently Asked Questions General What is Sage Nonprofit Online? Sage Nonprofit Online provides access to Sage 100 Fund Accounting, Sage Grant Management,
ERIC M. WRIGHT, cpa, citp
ERIC M. WRIGHT, cpa, citp ERIC M. WRIGHT, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He specializes in and oversees the design, setup, installation and
FS Regulatory Brief. How the SEC s Custody Rule Impacts Private Fund Advisers. Introduction. The Custody Rule: An overview
How the SEC s Custody Rule Impacts Private Fund Advisers Introduction Under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank, or the Act ) and rules recently adopted by the Securities
SAS 70: A Strategic Advantage in Challenging Times
SAS 70: A Strategic Advantage in Challenging Times By Andrew Pinnero, CISA Deborah Lambert, CPA, CPCU James Murphy, CPA Setting: Your office a typical day These are tough economic times for insurance industry
About the Presenter. Presentation Objectives. SaaS / Cloud Computing Risk Management AICPA Attest Alternatives
SaaS / Cloud Computing Risk Management AICPA Attest Alternatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter
Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers
Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye
GUIDELINES ON REPORTING AND ATTESTATION REQUIREMENTS OF UNIFORM FINANCIAL REPORTING STANDARDS (UFRS)
GUIDELINES ON REPORTING AND ATTESTATION REQUIREMENTS OF UNIFORM FINANCIAL REPORTING STANDARDS (UFRS) For Public Housing Authorities Not- for- Profit Multifamily Program Participants For- Profit Multifamily
provide funding as an incentive to
HEALTH CARE INSIDER VOLUME 6 :: ISSUE 1 In This Issue: Electronic Health Records Benefits And Concerns ELECTRONIC HEALTH RECORDS BENEFITS AND CONCERNS INTRODUCTION As the new year begins, the health care
Audit, Review, Compilation, and Preparation of Financial Statements
Audit, Review, Compilation, and Preparation of Financial Statements DISCLAIMER: This publication has not been approved, disapproved or otherwise acted upon by any senior technical committees of, and does
G24 - SAS 70 Practices and Developments Todd Bishop
G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS
Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
OrgChart Now Information Security Overview. OfficeWork Software LLC
OrgChart Now Information Security Overview OfficeWork Software LLC Version 1.3 May 13, 2015 OrgChart Now Information Security Overview Introduction OrgChart Now is a SaaS (Software as a Service) product
Tier IV Enterprise - Class Data Center
Tier IV Enterprise - Class Data Center Colocation Cloud Hosting Broward Data Center Datasheet Managed Hosting Dedicated Servers www.volico.com Site Specification Security Site Specification Floor Space
REPORT ON INDEPENDENT EVALUATION AND ASSESSMENT OF INTERNAL CONTROL FOR CONTRACT OVERSIGHT
REPORT ON INDEPENDENT EVALUATION AND ASSESSMENT OF INTERNAL CONTROL FOR CONTRACT OVERSIGHT SUBMITTED TO THE U.S. SECURITIES AND EXCHANGE COMMISSION OFFICE OF INSPECTOR GENERAL Cotton & Company LLP Auditors
Anypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
RSS Cloud Solution COMMON QUESTIONS
RSS Cloud Solution COMMON QUESTIONS 1 Services... 3 Connectivity... 5 Support... 6 Implementation... 7 Security... 8 Applications... 9 Backups... 9 Email... 10 Contact... 11 2 Services What is included
MASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2
MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...
KPMG s National Broker-Dealer Practice Survey Results
KPMG s National Broker-Dealer Practice Survey Results Insights into how brokerdealers are implementing the recent SEC Rule 17a-5 Amendments kpmg.com 2 KPMG s National Broker-Dealer Practice Survey Results
Auditing CPA EXAM REVIEW V 1.0
V 1.0 CPA EXAM REVIEW Auditing UPDATES AND ACADEMIC HELP Click on Community and Support at www.becker.com/cpa CUSTOMER SERVICE AND TECHNICAL SUPPORT Call 1.877.CPA. EXAM (Outside the U.S. +1.630.472.2213)
PROVIDING IT SOLUTIONS FOR THE HEALTHCARE INDUSTRY
PROVIDING IT SOLUTIONS FOR THE HEALTHCARE INDUSTRY The healthcare industry is facing unprecedented challenges as it evolves. New legislation and advances in technology are leading to obstacles and opportunities
STATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA PERFORMANCE AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES STATE TERM CONTRACT FOR MICROCOMPUTERS AND PERIPHERALS JULY 2013 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE
9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania
Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of
Vendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor: