Understanding SSAE 16 & SOC Reports When Using a Service Provider
It is important to assess and address the risks associated with outsourced services. SOC Reports help identify and assess such risks. This webinar will help you understand each type of report and identify which report best meets your needs.
Services provided by third-party companies are an integral part of today’s business environment. It is important for the users of these third-parties (user entities) to assess and address the possible risks associated with outsourced services. Service Organizational Control (SOC) Reports provide user entities with information about service providers’ internal control environments to help identify and assess such risks.
The American Institute of Certified Public Accountants (AICPA) has superseded Statement on Auditing Standards No. 70 (SAS 70) Examinations with new guidance covering three Service Organization Control reporting options that provide third-party service providers and user entities with alternatives to help meet the changing demands of outsourcing and vendor due diligence. If you are a service provider considering a SOC examination or if you are the user of a service provider, it is important to understand the intent and scope of each type of SOC report: Service Organization Controls No. 1 (SOC 1) which is also known as Statement on Auditing Standards No. 16 (SSAE 16), Service Organization Controls No. 2 (SOC 2), and Service Organization Controls No. 3 (SOC 3).
- Background of SAS 70 and SOC/SSAE 16 reporting
- Selecting the appropriate SOC examination: SOC 1, SOC 2 or SOC 3
- The scope of SOC examinations
- Type 1 and Type 2 examinations
- Reading the Independent Auditor’s opinion
- Benefits provided to service organizations
- Benefits provided to user entities
- Responsibilities of user entities
Chief Technology Officers, Information Security Officers, CFOs, Compliance Officers, Risk Managers and Auditors at third-party service providers or user entities of third-party service providers.
Nicholas S. Norton is a Senior Consultant in Macpage LLC’s Information Assurance Services group. Nick regularly performs SOC Examinations, IT General Control Reviews and Information Risk Assessments at clients including financial institutions, service bureaus and data centers. He performs technology auditing in all areas of IT-related controls.
Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hours CRCM/CFSSP
Member price: $265.00 | Non member price $530.00
Member price: $280.00 | Non member price $560.00
Online: Visit the CBA Webinar Catalog
Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)
1516 Xavier St., Ste 500, Denver, CO 80204
Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)
- Preferred Payment Method: Online
- Please register online or by phone when paying with a credit card
- Payment Must Accompany Registration – Invoices are Not Provided
Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.