Update on AICPA Assurance Services Executive Committee Activities



Similar documents
Farewell to SAS 70. What you need to know about the New Standard for Service Organization Reporting

Cybersecurity and the AICPA Cybersecurity Attestation Project

IAASB Main Agenda (June 2010) Agenda Item. April 28, 2009

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP

SAS No. 70, Service Organizations

FAQs New Service Organization Standards and Implementation Guidance

SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports

BASIS FOR CONCLUSIONS Canadian Standard on Assurance Engagements (CSAE) 3416, Reporting on Controls at a Service Organization

Shared Service System Audits: What User Management and Auditors Need to Know

SECURITY AND EXTERNAL SERVICE PROVIDERS

Service Organization Control (SOC) Reports

How To Understand The Benefits Of An Internal Audit

Goodbye, SAS 70! Hello, SSAE 16!

SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards Mastering Requirements Governing Your Next Controls Report

The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011

Guide to Public Company Auditing

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

SSAE 16 Everything You Wanted To Know But Are Afraid To Ask. Kurt Hagerman CISA, CISSP, QSA Managing Director, Coalfire December 8, 2011

Data Analytics Working Group Update

Here comes SSAE 16 SAS 70 EVOLUTION: How will the new standard affect my business? How do I prepare to meet the new requirements?

Service Organization Control (SOC) reports What are they?

Frequently asked questions: SOC 2 and 3

Service Organization Control Reports

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

Information for Management of a Service Organization

Data Analytics Working Group Update

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

The Future of Audit. AICPA s ASEC (Assurance Services Executive Committee)

GAO. Government Auditing Standards Revision. By the Comptroller General of the United States. United States Government Accountability Office

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards

3.B METHODOLOGY SERVICE PROVIDER

Public Accounting Licence Requirements for Assurance Engagements Specified in the CICA Handbook -- Assurance

Copyright 2015, American Institute of Certified Public Accountants, Inc. All Rights Re... STATEMENT ON STANDARDS FOR CONSULTING SERVICES

SECTION I INDEPENDENT SERVICE AUDITOR S REPORT

Internal Control over Financial Reporting Guidance for Smaller Public Companies

100 What Are They? Agreed upon procedures. Audits, reviews, compilations, or preparations of specified elements of a financial statement.

SOC 3 for Security and Availability

PCAOB Forum on Auditing Smaller Broker-Dealers

Audit, Review, Compilation, and Preparation of Financial Statements

LEGAL OUTSOURCING INTO INDIA A CONCEPT PAPER

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

RE: PCAOB Rulemaking Docket Matter No. 004 Statement Regarding the Establishment of Auditing and Other Professional Standards

Auditing CPA EXAM REVIEW V 1.0

THE DATA CENTER COMPLIANCE ACRONYMS YOU NEED TO KNOW

Reporting on Pro Forma Financial Information

Service Organizations and the Internal Audit function conference Institute of Internal Auditors in Israel

Ayla Networks, Inc. SOC 3 SysTrust 2015

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Auditing Derivative Instruments, Hedging Activities, and Investments in Securities 1

Cloud Computing Risk Assessment

ISAE 3402 and SSAE 16 (replacing SAS 70) Reinforcing confidence through demonstration of effective controls

Center for Audit Quality Update

STANDING ADVISORY GROUP MEETING

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS

STANDING ADVISORY GROUP MEETING

) ) ) ) ) ) ) ) ) ) ) )

Hot Topics in IT. CUAV Conference May 2012

STAFF QUESTIONS AND ANSWERS

Valuing and Reporting Plan Investments

AICPA Discussion Paper - Enhancing Audit Quality, Plans and Perspectives for the U.S. CPA Profession

A I. C A Q A p p r o a c h to A u d i t Q u a l i ty I n d i c a to r s

STANDING ADVISORY GROUP MEETING

Continuous auditing: the audit of the future

Understanding SAS 70 Reports on Internal Control

Transcription:

Update on AICPA Assurance Services Executive Committee Activities Amy Pawlicki Director Business Reporting, Assurance & Advisory Services and XBRL AICPA

Agenda ASEC overview Summary of work streams by task force/working group

ASEC Overview Mission: To assure the quality, relevance and usefulness of information or its context for decision makers and other users by: 1) identifying and prioritizing emerging trends and market needs for assurance, & 2) developing related assurance methodology guidance and tools as needed.

ASEC Work Streams 1. Trust Data Integrity Task Force 2. XBRL Assurance Task Force 3. Future of Assurance Working Group 4. Risk Working Group

1. Trust Data Integrity Task Force A. Trust Services Principles and Criteria (P&C) Working Group Attestation (AT101) or advisory services on the security, availability, processing integrity, confidentiality, and privacy of IT-enabled systems including electronic commerce (ecommerce) systems and privacy programs. System reliability (SysTrust) and WebTrust Updated P&C, effective as of September 15, 2009, are contained in the AICPA Technical Practice Aid

1. Trust Data Integrity Task Force B. Trust/SSAE Service Organization Working Group Objective- Develop Practitioner Guidance (SOP) on applying the Service Organization SSAE to Trust Services P&C Composition-members of TDITF, Privacy Task Force, CICA s Certificate of Authority Task Force, and staff of ASB & CICA Timing- Issue SOP at same time as ASB & IAASB issue SSAE

1. Trust Data Integrity Task Force C. Information Integrity Working Group Developing a Framework for Reporting on Information Integrity that: Will enable attestation both directly on the subject matter as well as on the systems that provide information with integrity Will contain criteria sufficiently robust to meet most user needs Addresses the entire information lifecycle *Targeting criteria exposure in spring/summer 2010

1. Trust Data Integrity Task Force

2. XBRL Assurance Task Force Auditor implications of SEC Rule The SEC rules do not require any auditor involvement on XBRL-Tagged Data Auditors are not required to apply AU Sections 550, 711 or 722 to interactive data provided in an exhibit or to related viewable interactive data SEC Final Rule release states that issuers can obtain 3 rd party assurance under PCAOB AT 101 Expanded user expectation gap relative to auditor involvement with XBRL exhibits

2. XBRL Assurance Task Force Service Implications for Audit Firms Task Force worked with CAQ to release an Alert to address potential services that auditors may be asked to provide for XBRL-tagged information. Advisory Services Assurance Services Impact on Independent Auditor s Report on the Financial Statements

2. XBRL Assurance Task Force AICPA released SOP 09-1, Performing Agreed-Upon Procedures Engagements That Address the Completeness, Accuracy, or Consistency of XBRL- Tagged Data.

2. XBRL Assurance Task Force Examinations - Task force is working on matters related to examinations of XBRL-tagged data: Development of standard set of assertions Development of procedures/requirements for compliance with attestation standards Development of auditor s report for assurance engagements Analysis of all XBRL SEC rules, including the EDGAR Filer Manual, to determine which rules could be addressed by auditor assurance

2. XBRL Assurance Task Force Mitigating the Expectation Gap - The task force is reviewing options to communicate auditor association with XBRL-tagged data: modify auditor report (CAQ Alert recommendation) communicate auditor involvement within XBRL Exhibit communicate auditor responsibility within engagement letters and SAS 61 communications

3. Risk Working Group Exploring the current risk landscape to gain an understanding of the marketplace and to determine the need, if any, for an assurance service on risk. Collaborating with Rutgers University on a study of risk management practices

4. Future of Assurance Working Group Developing a point of view of future scenarios of user and investor needs for assurance, and identify broader tactical steps for the Profession to pursue to maintain relevance in providing that assurance. Identifying complementary work streams that are being pursued by other groups both within and outside of the AICPA, in order to highlight key related initiatives and to avoid duplication of efforts.

Questions and Discussion

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information