The Who, What, and Why of Service Organization Control (SOC) Engagements. Presentation to: 2nd Annual 'I Heart Audit' Conference
|
|
- Ethan McDonald
- 6 years ago
- Views:
Transcription
1 The Who, What, and Why of Service Organization Control (SOC) Engagements Presentation to: 2nd Annual 'I Heart Audit' Conference February 24, 2016
2 Agenda What is SOC? Who needs SOC? Types of SOC Engagements Role of Service Organization Role of Service Auditor The SOC Report Next Steps Questions? 2
3 What is SOC? SOC = Service Organization Control NOT SOX! Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization Looks at the organization once and issues a report rather than being tested by each user 3
4 Who Needs SOC? Companies who perform outsourced processes for other companies Payroll processing Medical claims processing Data centers Billing services No technical requirement for SOC Breaches of data, increase in outsourcing have increased demand 4
5 Types of SOC Engagements SOC 1 - SSAE No. 16, Reporting on Controls at a Service Organization Controls at a service organization relevant to user entities internal control over financial reporting. SOC 2 - AT 101, Attestation Engagements Controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy. Detailed report issued to management. SOC 3 - AT 101, Attestation Engagements Controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. General use seal, requires special licensing, limited use. 5
6 Types of SOC Engagements, continued Type 1: A report on management s description of the service organization s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date. Testing limited to walkthroughs. Type 2: A report on management s description of the service organization s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period. Sample testing over a period of time (at least 6 months) 6
7 Role of Service Organization DEFINING the scope of the service auditor s engagement DETERMINING the type of engagement to be performed, the period to be covered by the report, including or carving out any subservice organizations SELECTING the criteria to be used PREPARING the description of the service organization s system SPECIFYING the control objectives IDENTIFYING risks that threaten achievement of the control objectives PREPARING management s written assertion 7
8 Role of Service Auditor DETERMINING Whether to accept or continue an engagement for a particular client ASSESSING The suitability and availability of the criteria management has used in preparing the description READING The description of the service organization s system and obtaining an understanding of the system ESTABLISHING An understanding with management of the service organization regarding services to be performed and the responsibilities of management and the service auditor, which ordinarily is documented in an engagement letter OBTAINING A list of user entities and determining how the services provided by the service organization are likely to affect the user entities 8
9 Role of Service Auditor, continued READING Contracts with user entities to understand the nature and scope of the services provided by the service organization as well as the service organization s contractual obligations OBSERVING Procedures performed by service organization personnel READING Service organization s policy and procedure manuals and other documentation of the system (for example, flowcharts & narratives) PERFORMING Walkthroughs of transactions and identifying controls DISCUSSING The contents of management s assertion and description with management and other service organization personnel 9
10 Role of Service Auditor, continued Overall: The service auditor determines which controls at the service organization are necessary to achieve the control objectives stated in management s description of the service organization s system and assesses whether those controls were suitably designed to achieve the control objectives. Review to ensure control objectives, if in place, are adequate Test to determine whether they are in place 10
11 The SOC Report Issue report with opinion unqualified, qualified, adverse, or disclaimer Management s Assertion Description of environment, control objectives, and controls Results of testing of controls (Type 2 only) Other Information Provided by Service Organization (not tested) 11
12 Next Steps Perform a SOC readiness review Once controls in place, perform a Type 1 engagement as of a specified date Let time elapse (at least 6 months) Perform a Type 2 engagement over the testing period For example: Controls were deemed adequate and in place as of June 30 Issue a Type 1 report as of 6/30. Testing period for Type 2 = 7/1 through 12/31 Perform sample testing over 6 month period and issue a Type 2 report for the period 7/1 12/31. 12
13 Questions 13
14 Kelli Falk Padgett, Stratemann & Co., L.L.P. AUSTIN 811 Barton Springs Suite 550 Austin, Texas HOUSTON 1980 Post Oak Boulevard Suite 1100 Houston, Texas SAN ANTONIO 100 NE Loop 410 Suite 1100 San Antonio, Texas
Implementing and maintaining ISAE 3402
Implementing and maintaining ISAE 3402 2 Implementing and maintaining ISAE 3402 Contents Introduction 4 Purpose and background 5 Benefits to the service organization 7 How Ernst & Young helps 8 Successful
More informationINTERNATIONAL STANDARD ON AUDITING 402 AUDIT CONSIDERATIONS RELATING TO ENTITIES USING SERVICE ORGANIZATIONS CONTENTS
INTERNATIONAL STANDARD ON 402 AUDIT CONSIDERATIONS RELATING TO ENTITIES (Effective for audits of financial statements for periods beginning on or after December 15, 2004) CONTENTS Paragraph Introduction...
More informationStrengthening Vendor Risk Management Program
Strengthening Vendor Risk Management Program ACUIA Region 5 Fall Meeting Portsmouth, N.H. October 2017 PKF O Connor Davies Risk Advisory Services Governance & Regulations Cyber-Security Risk Management
More informationAalborg Universitet. ISA 402 & ISAE 3402 Lessons Learned Berthing, Hans Henrik Aabenhus. Publication date: 2013
Aalborg Universitet ISA 402 & ISAE 3402 Lessons Learned Berthing, Hans Henrik Aabenhus Publication date: 2013 Document Version Early version, also known as pre-print Link to publication from Aalborg University
More informationACC 269 Auditing and Assurance Services
ACC 269 Auditing and Assurance Services COURSE DESCRIPTION: Prerequisites: ACC 220 Corequisites: None This course introduces selected topics pertaining to the objectives, theory, and practices in engagements
More informationREGULATORY HOT TOPIC Third Party IT Vendor Management
REGULATORY HOT TOPIC Third Party IT Vendor Management 1 Todays Outsourced Technology Services Core Processing Internet Banking Mobile Banking Managed Security Services Managed Data Center Services And
More informationSARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017
SARBANES-OXLEY COMPLIANCE MANAGING CHANGING EXPECTATIONS January 20, 2017 Pat Mitchell Managing Director Internal Audit, Risk, Business & Technology Consulting CHANGES IN THE COST AND SCOPE OF SOX COMPLIANCE
More informationInternational Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation
International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation MISSION To contribute to Ireland having a strong regulatory environment in which
More informationMcGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.
McGraw-Hill/Irwin Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 12 Reports on Audited Financial Statements The television industry doesn t like to see the complexity of
More informationReporting on an Examination of Controls at a Service Organization Relevant to User Entities Internal Control Over Financial Reporting
Reporting on an Examination of Controls at a Service Organization 1621 AT-C Section 320 Reporting on an Examination of Controls at a Service Organization Relevant to User Entities Internal Control Over
More informationThe past, present and future of service organization control reporting
The past, present and future of service organization control reporting Key takeaways from EY s Annual SOCR Client Conference March 2016 Study the past if you would define the future. Confucius b 1 Conference
More informationChapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Management Responsibilities under Section 404 Management
More informationSA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING
Part I : Engagement and Quality Control Standards I.271 SA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANISATION (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS
More informationAn Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements
ASB Meeting July 30 August 1, 2013 Agenda Item 3B AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:
More informationNon-SEC Regulated Charter. Organization. Statement of Policy. Responsibilities
Audit Committee Charter Non-SEC Regulated Charter Organization The Audit Committee of the Board of Directors shall be comprised of at least three directors, consisting entirely of independent members of
More informationTypes of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA
Types of Systems Audit & Relevance Presented By: Prasad Pendse, CISA Agenda Systems Audit Categories & Types of Systems Audit, Relevance IT & Application Audits Security Audits Process Audits Advantages
More informationB S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013
B S R & Co. LLP Reporting on Internal Controls over Financial Reporting An Overview Sarbanes Oxley Act (SOX) 28 December 2013 Agenda Sarbanes Oxley Key Sections COSO Framework Management Approach to ICOFR
More information3. STRUCTURING ASSURANCE ENGAGEMENTS
3. STRUCTURING ASSURANCE ENGAGEMENTS How do standards and guidance help professional accountants provide assurance? What are the practical considerations when structuring an assurance engagement? 3. STRUCTURING
More informationChapter 4. Risk Assessment. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin
Chapter 4 Risk Assessment McGraw-Hill/Irwin Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. LO# 1 Audit Risk The risk that an auditor expresses an unqualified opinion on materially
More informationCPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks
Page 1 of 7 CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a Related PSAs: PSA 400, 315 and 330 AUDITING THEORY Risk Assessment and Response to Assessed Risks 1. Which of the following is correct statement?
More informationReport on controls over Devon Funds Management Limited s investment management services. For the period from 1 January 2014 to 31 December 2014
Report on controls over Devon Funds Management Limited s investment management services For the period from 1 January 2014 to 31 December 2014 Description of Investment Management Services, Controls
More informationTHIRD-PARTY RISK MANAGEMENT
THIRD-PARTY RISK MANAGEMENT Beyond a Regulatory Requirement April 28, 2017 Ken Glascock, CPA, CAMS, CIA, CFSA, CRCM Director kglascock@bkd.com AGENDA Let s Break It Down What Is Third-Party Risk Management?
More informationCompliance Attestation
Compliance Attestation 1603 AT-C Section 315 Compliance Attestation Source: SSAE No. 18. Effective for practitioners' examination reports on compliance with specified requirements and for practitioners'
More information10-B Service organizations ISAE 3402 Significant issues
IAASB Main Agenda (September 2007) Page 2007 2877 Agenda Item 10-B Service organizations ISAE 3402 Significant issues A. The Framework and ISAE 3000 A.1 The Assurance Framework and ISAE 3000 lay the foundations
More informationStandards on Review Engagements (SREs) E- 1220
Standards on Review Engagements (SREs) E- 1220 E- 1221 Engagement Standards Standards on Review Engagements SRE 2400, Engagements to Review Financial Statements (April 1, 2010) SRE 2410, Review of Interim
More informationWill Your Company Pass a Privacy Audit?
Will Your Company Pass a Privacy Audit? by Tammi K. Franke The Issue - Companies that collect personal information are under increasing scrutiny by both consumers and governments in the United States and
More informationASB Meeting July 30-August 1, 2013
ASB Meeting Agenda Item 2B Disposition of s in Extant AT 401, Reporting on Pro Forma Financial, in the Proposed Clarified (Mapping) s in Extant AT 401, Reporting on Pro Forma Financial in Proposed s in
More informationThe University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office
www.pwc.com The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office July 9, 2014 Mr. Dick Dawson Chief Audit Executive The University of Texas
More informationPerformance Auditing
Auditing Standard AUS 806 (July 2002) Performance Auditing Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation Issued by the Australian Accounting Research
More informationINSTRUCTION ON METHODOLOGY ON PERFORMING FINANCIAL AUDIT AND REGULARITY AUDIT ( Official Gazette of MN, no. 07/15 from 17 th February 2015)
On the basis of Article 38 item 1 point 4 of the Law on the State Audit Institution ( Official Gazette of Republic of Montenegro, no. 28/04, 27/06, 78/06, Official Gazette of Montenegro, no. 17/07, 73/10,
More informationASB Meeting January 12-15, 2015
ASB Meeting January 12-15, 2015 Agenda Item 3A Chapter 1, Concepts Common to All Attestation Engagements, of Attestation Standards: Clarification and Recodification Introduction 1.1 This chapter of Statements
More informationCPA REVIEW SCHOOL OF THE PHILIPPINES Manila. AUDITING THEORY OTHER PSAs and PAPSs
Page 1 of 11 CPA REVIEW SCHOOL OF THE PHILIPPINES Manila AUDITING THEORY OTHER PSAs and PAPSs Related PSAs/PAPSs: PSA 501, 505, 510, 520, 540, 545, 550, 620, 560 and 580 PAPS 1000, 1005 and 1000Ph PSA
More informationReporting on Pro Forma Financial Information
Reporting on Pro Forma Financial Information 1509 AT Section 401 Reporting on Pro Forma Financial Information Source: SSAE No. 10. Effective when the presentation of pro forma financial information is
More information9/13/2017 CHA-CHING! PAYROLL CONTROLS THAT PAY OFF PERSONAL INTRODUCTION. Personal Introduction. Melinda Stinnett, CPA, CIA Managing Director
CHA-CHING! PAYROLL CONTROLS THAT PAY OFF Melinda Stinnett, CPA, CIA Managing Director September 15, 2017 1 PERSONAL INTRODUCTION Professional Bachelor s Degree (Accounting) Oklahoma State University Public
More informationSRI LANKA AUDITING STANDARD 620 USING THE WORK OF AN EXPERT CONTENTS
SRI LANKA AUDITING STANDARD 620 USING THE WORK OF AN EXPERT (Effective for all the audits carried out on or after..) CONTENTS Paragraph Introduction 1-5 Determining the Need to Use the Work of an Expert
More informationAPB ETHICAL STANDARD 4 (REVISED) FEES, REMUNERATION AND EVALUATION POLICIES, LITIGATION, GIFTS AND HOSPITALITY
APB ETHICAL STANDARD 4 (REVISED) FEES, REMUNERATION AND EVALUATION POLICIES, LITIGATION, GIFTS AND HOSPITALITY (Revised December 2010) Contents paragraph Introduction 1-4 Fees 5-43 Remuneration and evaluation
More informationDutch Caribbean Nature Alliance (DCNA)
Dutch Caribbean Nature Alliance (DCNA) Approach to the audit process and best practices Page 1 Welcome Opening remarks Logistics Learning objectives Agenda Page 2 Learning objectives Upon completion of
More informationPROFESSIONAL LEVEL PART-A: OVERVIEW OF AUDITING AND ASSURANCE
SYLLABS 2016 Part-D Weightage Part-E Part-C Part-A PROFESSIONAL LEVEL P2 - Audit & Assurance Part-B Part-A Overview of Auditing and Assurance 15% Part-B Audit Planning 20% Part-C Internal Controls 20%
More informationPPC Library Template Report
PPC Library Template Report Engagement Letter Generator Engagement Letter Generator (20160801) Interactive Disclosure Libraries Disclosure Library for Local Governments (20160501) Disclosure Library for
More informationApplying Integrated Assurance Management Scenarios for Governance Capability Assessment
Applying Integrated Assurance Management Scenarios for Governance Capability Assessment János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract. The well established
More informationNegotiating in a Sarbanes-Oxley World
Negotiating in a Sarbanes-Oxley World Richard Pennington, J.D., C.P.M., Consultant SCOPEVision Consulting Ltd 303/324-7333, rpennington@scopevisionconsulting.com 91 st Annual International Supply Management
More informationSRI LANKA AUDITING STANDARD 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) CONTENTS
SRI LANKA AUDITING STANDARD 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) (Effective for audits of group financial statements for periods beginning
More informationOn the Road to SOC 2 Readiness
On the Road to SOC 2 Readiness What Service Organizations Need to Know Internal Audit, Risk, Business & Technology Consulting Introduction Successful organizations know the importance of focusing on core
More informationAirports Council International-North America 2006 Economic Specialty Conference June 5, 2006
How Airports are Responding to the Sarbanes-Oxley Act (SOX) Airports Council International-North America 2006 Economic Specialty Conference June 5, 2006 Gail Flister Vallieres U.S. Government Accountability
More informationREQUEST FOR PROPOSAL. HRIS Human Resources Information Software Fort Morgan, Colorado
REQUEST FOR PROPOSAL HRIS Human Resources Information Software Fort Morgan, Colorado October 7, 2014 Michael Boyer Director, Human Resources and Risk Management CITY OF FORT MORGAN P.O. BOX 100 FORT MORGAN,
More informationIPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:
IPO Readiness Sarbanes-Oxley Compliance & Other Considerations Presented by: IPO Readiness Enhanced Financial / Legal compliance SEC / Stock Exchange Compliance Entity Structure / Registration Filing Requirements
More informationevidence explained Chapter 6 The search for
Chapter 6 The search for evidence explained Learning objectives Explain why the audit evidence search is a central concept of auditing. Identify the stages of the audit process and show that evidence has
More informationABS GUIDELINES ON CONTROL OBJECTIVES & PROCEDURES FOR OUTSOURCED SERVICE PROVIDERS. FREQUENTLY ASKED QUESTIONS 15 June 2017.
ABS GUIDELINES ON CONTROL OBJECTIVES & PROCEDURES FOR OUTSOURCED SERVICE PROVIDERS FREQUENTLY ASKED QUESTIONS 15 June 2017 Contents 1. Objective and Benefits of the ABS Guidelines Page 2 2. Scope and Coverage
More informationINTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS
INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS (Effective for audits of financial statements for periods beginning on or after December 15, 2006. Appendix 2 contains conforming amendments
More informationREGISTERED CANDIDATE AUDITOR (RCA) TECHNICAL COMPETENCE REQUIREMENTS
REGISTERED CANDIDATE AUDITOR (RCA) TECHNICAL COMPETENCE REQUIREMENTS 1. Context After completion of the recognised training contract, a period of specialisation is required, appropriate to the level required
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF PAM TRANSPORTATION SERVICES, INC.
CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF PAM TRANSPORTATION SERVICES, INC. I. Purpose The Audit Committee is established by the Board of Directors for the primary purpose of assisting
More informationVERSION #1 PLEASE WRITE ON YOUR SCANTRON
VERSION #1 PLEASE WRITE ON YOUR SCANTRON ECON 132A MIDTERM #1 ANDERSON PLEASE answer multiple choice questions on green scantron and the rest in your blue book. When you are done put your scantron inside
More informationReporting on Pro Forma Financial Information
Reporting on Pro Forma Financial Information 1581 AT-C Section 310 Reporting on Pro Forma Financial Information Source: SSAE No. 18. Effective for practitioners' examination and review reports on pro forma
More informationRFP for Consultancy to Upgrade from CMMI Maturity Level 3 to CMMI Maturity Level 5 & Prism Certification
Document Control Sheet Name of the Organisation StockHolding Document Management Services Limited RFP Reference No. SDMS/IT-Infra/2016-17/019 Date of issue of RFP Document 21 st January 2017 Pre-bid Meeting
More informationAn Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements
AUDITING STANDARD No. 2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements March 9, 2004 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS
More informationImplementing the new revenue guidance in the manufacturing industry
Implementing the new revenue guidance in the manufacturing industry A progress check for management and audit committees Background As the effective date for the new revenue guidance in ASC 606, Revenue
More informationSAMPLING AND ERROR EVALUATION RSM US LLP. All Rights Reserved.
SAMPLING AND ERROR EVALUATION SAMPLING Sampling Factors to consider when sampling Population size and aggregate balance Tolerable misstatement Expected error Assurance factors Significant risk Reliance
More informationVENDOR RISK MANAGEMENT FCC SERVICES
VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda
More informationInternal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC
Internal controls over Financial Reporting Key concepts Presentation by Jayesh Gandhi at WIRC Page 1 ICFR Key Concepts WIRC 28 May 2016 Agenda Scope and requirements Overview of internal controls as per
More informationSA 580- Written Representations
Standard on Auditing SA 580- Written Representations Contents Introduction Objective & Definitions Management Responsibilities and Date of and Period(s) covered Doubt as to the Reliability of Written Representation
More informationAWS Glossary of Terms
AWS Glossary of Terms Version 1.0 July, 2015 2015 Alliance for Water Stewardship Inc. Purpose The purpose of this document is to define the terms, abbreviations and acronyms used by AWS. Responsibility
More informationISA 240 (Redrafted), The Auditor s Responsibilities Relating to Fraud in an Audit of Financial Statements
CONFORMING AMENDMENTS TO OTHER STANDARDS AS A RESULT OF ISA 265, COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHANGED WITH GOVERNANCE AND MANAGEMENT ISA 240 (Redrafted), The Auditor s Responsibilities
More informationFebruary 23, Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.
McGladrey & Pullen LLP Third Floor 3600 American Blvd West Bloomington, MN 55431 O 952.835.9930 February 23, 2007 Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington,
More informationAPB ETHICAL STANDARD 3 (REVISED) LONG ASSOCIATION WITH THE AUDIT ENGAGEMENT
APB ETHICAL STANDARD 3 (REVISED) LONG ASSOCIATION WITH THE AUDIT ENGAGEMENT (Revised October 2009) Contents paragraph Introduction 1-4 General provisions 5-11 Additional provisions related to audits of
More informationTools & Techniques II: Lead Auditor
About This Course Tools & Techniques II: Lead Auditor Course Description Learn the skills necessary to lead an audit team with confidence. This course provides an overview of the life cycle of an audit
More informationVendor Management Challenges and Expectations An Open Discussion April 13, 2017
1 Practical solutions driving tangible results Vendor Management Challenges and Expectations An Open Discussion April 13, 2017 Agenda Common Themes Discussion Expectations Overcoming Obstacles Common Comments
More informationSarbanes-Oxley Compliance: Managing Technology Controls
Sarbanes-Oxley Compliance: Managing Technology Controls WATCHIT PROGRAMS WatchIT delivers experience to the desktop. Our programs feature industry executives and experts who share insight and understanding
More informationElements of a Successful Compliance Management System and Vendor Management Rules of the Road
Elements of a Successful Compliance Management System and Vendor Management Rules of the Road Jonathan L. Pompan Partner, Venable LLP jlpompan@venable.com 202.344.4383 Katherine M. Lamberth Associate,
More informationSTEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS. April 25, 2018 In-House Counsel Conference
STEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS April 25, 2018 In-House Counsel Conference Presenters: Daniela Ivancikova, Assistant General Counsel, University of Delaware Evan
More informationIAASB Main Agenda (December 2004) Page Agenda Item
IAASB Main Agenda (December 2004) Page 2004 2159 Agenda Item 7-B PROPOSED INTERNATIONAL STANDARD ON AUDITING XXX THE AUDIT OF GROUP FINANCIAL STATEMENTS CONTENTS Paragraph Introduction... 1-3 Definitions...
More informationDealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016
Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016 Do you need to comply? The Regulation will apply to a business processing personal data:
More informationSEMINAR ON INTERNAL FINANCIAL CONTROLS. Oct 31, 2015 at ISACA Pune Chapter Nov 1, 2015 at Pune Branch of WIRC of ICAI
SEMINAR ON INTERNAL FINANCIAL CONTROLS Oct 31, 2015 at ISACA Pune Chapter Nov 1, 2015 at Pune Branch of WIRC of ICAI AGENDA Session I II III IV V Topic Framework & Planning for IFC Review of IT General
More informationSession Number Who Owns. Sarah Thompson, PwC Risk Assurance Director
Session Number Who Owns Segregation of Duties? Sarah Thompson, PwC Risk Assurance Director Agenda Introductions What is Segregation of Duties, Anyway? So Now I Know What It Is Why Do I Care? Sure, SoDis
More informationHot Topics in Third Party Management. April 5, 2018 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
Hot Topics in Third Party Management April 5, 2018 MEMBER OF ALLINIAL GLOBAL, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2018 Wolf & Company, P.C. Before we get started Today s presentation slides can
More informationAudit Risk. Exposure Draft. IFAC International Auditing and Assurance Standards Board. October Response Due Date March 31, 2003
IFAC International Auditing and Assurance Standards Board October 2002 Exposure Draft Response Due Date March 31, 2003 Audit Risk Proposed International Standards on Auditing and Proposed Amendment to
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA OFFICE OF THE STATE CONTROLLER BEACON HUMAN RESOURCES AND PAYROLL SYSTEM INFORMATION TECHNOLOGY GENERAL CONTROLS JUNE 2012 PERFORMANCE AUDIT OFFICE OF THE STATE AUDITOR BETH A.
More informationCHART OF ACCOUNTS SETUP
RSM TECHNOLOGY ACADEMY elearning Syllabus and Agenda CHART OF ACCOUNTS SETUP FOR MICROSOFT DYNAMICS 365 FOR OPERATIONS Course Details 3 Audience 3 At Course Completion 3 Registration and Payment 3 Refund
More informationTHE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED.
THE NEW AND REVISED INTERPRETATIONS CONTAINED IN THIS DOCUMENT ARE EFFECTIVE ON AUGUST 31, 2017 UNLESS OTHERWISE NOTED. Ethics interpretations are promulgated by the executive committee of the Professional
More informationNEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER. (as of December 2017)
NEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER (as of December 2017) Purpose The Audit Committee of Newmark Group, Inc. (the Company ) is appointed by the Board of Directors of the Company (the Board ) to
More informationBURKE CENTER dba BURKE. Request for Proposal Annual Financial and Compliance Audit
BURKE CENTER dba BURKE Request for Proposal Annual Financial and Compliance Audit Burke is requesting a proposal from a public accounting firm with experience in auditing community mental health mental
More informationTerms of Engagement 105. Source: SAS No Effective for audits of financial statements for periods ending on or after December 15, 2012.
Terms of Engagement 105 AU-C Section 210 Terms of Engagement Source: SAS No. 122. Effective for audits of financial statements for periods ending on or after December 15, 2012. Introduction Scope of This
More informationATHENS COUNTY EMERGENCY MEDICAL SERVICES
ATHENS COUNTY EMERGENCY MEDICAL SERVICES RFP NO. 18-001 Athens County Emergency Medical Services PO Box 310 Athens, Ohio 45701-0310 RFP Due Date: February 28, 2018 Athens County Emergency Medical Services
More informationIT Audit at Brown. A collaboration between the Information Technology and Internal Audit Teams
IT Audit at Brown A collaboration between the Information Technology and Internal Audit Teams Page 1 Agenda Objective Risk Management Overview Internal Audit at Brown IT Audit at Brown Frequently Asked
More informationUsing the Work. of an Expert. HKSA 620 Issued June 2005
Issued June 2005 Effective for audits of financial statements for periods beginning on or after 15 December 2004 Hong Kong Standard on Auditing 620 Using the Work of an Expert HONG KONG STANDARD ON AUDITING
More informationReport on Paychex, Inc. s Description of its ExpenseWire Online Expense Management System and on the Suitability of the Design and Operating
Report on Paychex, Inc. s Description of its ExpenseWire Online Expense Management System and on the Suitability of the Design and Operating Effectiveness of Its Controls Throughout the Period November
More informationAssurance Services. Assurance Services
Assurance Services Introduction Assurance Services Independent professional services that improve the quality of information, or its context, for business or individual decision makers. Making better decisions:
More informationCOSO Updates and Expectations. IIA San Diego Chapter January 8, 2014
COSO Updates and Expectations IIA San Diego Chapter January 8, 2014 Agenda Overview of 2013 Internal Control-Integrated Framework and Companion Guidance 2013 Framework General Enhancements by Component
More informationAICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS. Effective for Peer Reviews Commencing on or After January 1, 2009
AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS Effective for Peer Reviews Commencing on or After January 1, 2009 Guidance for Performing and Reporting on Peer Reviews Copyright 2008 by American
More informationComparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)
Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining) Topic AS No. 5 AS No. 2 Objective of ICFR Audit Planning the ICFR Audit Integration
More informationImplementation Tool for Auditors
Implementation Tool for Auditors CANADIAN AUDITING STANDARDS (CAS) APRIL 2017 Using the Work of a Management s Expert STANDARD DISCUSSED CAS 500, Audit Evidence This Implementation Tool for Auditors (Tool)
More informationEXPOSURE DRAFT PROPOSED CHANGES TO THE AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS
EPOSURE DRAFT PROPOSED CHANGES TO THE AICPA STANDARDS FOR PERFORMING AND REPORTING ON PEER REVIEWS Scope of System Review and Must Select Engagements June 1, 2012 Comments are requested by August 31, 2012
More informationAudit Committee Charter
Audit Committee Charter 1. Background The Audit Committee is a Committee of the Board of Directors ( Board ) of Syrah Resources Limited (ACN 125 242 284) ( Syrah or the Company ) that was established under
More informationOLD DOMINION FREIGHT LINE, INC. AUDIT COMMITTEE CHARTER. A. The Audit Committee shall be comprised of a minimum of three directors.
I. PURPOSE OLD DOMINION FREIGHT LINE, INC. To establish membership, meeting and responsibility requirements for the Audit Committee of the Board of Directors of Old Dominion Freight Line, Inc. (the Company
More informationProvincial Records management seminar : Status of records in Gauteng
Provincial Records management seminar : Status of records in Gauteng Date: 2 June 2016 Venue: Emperors Palace Presented by: Dumisani Cebekhulu (Acting Business Executive: Gauteng Business Unit) Reputation
More informationup Texas Society of ~ Certified Public Accountants
up Texas Society of ~ Certified Public Accountants Office of the Secretary 1666 K Street, N.W. Washington, D.C. 20006-2803 RE: Proposed Auditing Standard An Audit of Internal Control Over Financial Reporting
More informationSUNEDISON, INC. AUDIT COMMITTEE CHARTER (Adopted October 29, 2008)
SUNEDISON, INC. AUDIT COMMITTEE CHARTER (Adopted October 29, 2008) I. Purpose The primary purpose of the Audit Committee of the Board of Directors (the Committee ) is to assist the Board of Directors in
More informationSRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS
SRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS (Effective for all the audits carried out on or after ) CONTENTS Paragraph Introduction 1-5 Preliminary Engagement Activities 6-7
More information) ) ) ) ) ) ) ) ) ) ) ) REPORTING ON WHETHER A PREVIOUSLY REPORTED MATERIAL WEAKNESS CONTINUES TO EXIST. PCAOB Release No July 26, 2005
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org REPORTING ON WHETHER A PREVIOUSLY REPORTED MATERIAL WEAKNESS CONTINUES TO EXIST ) ) ) ) ) ) )
More informationAUDIT COMMITTEE OF THE BOARD OF DIRECTORS CHARTER
AUDIT COMMITTEE OF THE BOARD OF DIRECTORS CHARTER PURPOSE AND AUTHORITY OF COMMITTEE The primary purpose of the Audit Committee of the Board of Directors (the Committee ) is to (a) assist the Board in
More informationPROCURE-TO-PAY INVENTORY MANAGEMENT
RSM TECHNOLOGY ACADEMY Syllabus and Agenda PROCURE-TO-PAY INVENTORY MANAGEMENT FOR MICROSOFT DYNAMICS AX Course Details 3 Audience 3 At Course Completion 3 Course Cancellation Policy 5 Guaranteed to Run
More information