Understanding SSAE 16 & SOC Reports When Using a Service Provider

It is important to assess and address the risks associated with outsourced services. SOC Reports help identify and assess such risks. This webinar will help you understand each type of report and identify which report best meets your needs.

Services provided by third-party companies are an integral part of today’s business environment. It is important for the users of these third-parties (user entities) to assess and address the possible risks associated with outsourced services. Service Organizational Control (SOC) Reports provide user entities with information about service providers’ internal control environments to help identify and assess such risks.

The American Institute of Certified Public Accountants (AICPA) has superseded Statement on Auditing Standards No. 70 (SAS 70) Examinations with new guidance covering three Service Organization Control reporting options that provide third-party service providers and user entities with alternatives to help meet the changing demands of outsourcing and vendor due diligence. If you are a service provider considering a SOC examination or if you are the user of a service provider, it is important to understand the intent and scope of each type of SOC report: Service Organization Controls No. 1 (SOC 1) which is also known as Statement on Auditing Standards No. 16 (SSAE 16), Service Organization Controls No. 2 (SOC 2), and Service Organization Controls No. 3 (SOC 3). 


  • Background of SAS 70 and SOC/SSAE 16 reporting
  • Selecting the appropriate SOC examination: SOC 1, SOC 2 or SOC 3
  • The scope of SOC examinations
  • Type 1 and Type 2 examinations
  • Reading the Independent Auditor’s opinion
  • Benefits provided to service organizations
  • Benefits provided to user entities
  • Responsibilities of user entities


Chief Technology Officers, Information Security Officers, CFOs, Compliance Officers, Risk Managers and Auditors at third party service providers or user entities of third party service providers.


Durward J. Ferland is a Client Services Director at Macpage LLC and leads the firm’s Information Assurance Services group. He has expertise and knowledge in all areas of IT-related internal controls. Durward regularly performs SOC Examinations, IT General Control Reviews and Readiness Assessments at clients including financial institutions, insurance companies, service bureaus, and data centers. He performs technology auditing in all areas of IT-related controls.

Credit Information

Institute of Certified Bankers: Visit aba.com/icb/membercereview for instructions regarding self-reporting. Estimated credits: 2 hours CRCM/CFSSP.


Live Webinar:

Member price: $265.00 | Non member price $530.00

On-Demand Webinar

Member price: $280.00 | Non member price $560.00


Online: Visit the CBA Webinar Catalog

Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)

4434 W. 29th St., Denver, CO  80212

Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)

Please Note:

  • Preferred Payment Method: Online
  • Please register online or by phone when paying with a credit card
  • Payment Must Accompany Registration – Invoices are Not Provided

Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.