Preparing SOC 1, SOC 2 or SOC 3 Reports: Best Practices

Meeting Challenges Arising From SSAE 16, ISAE 3402 and Other Service Company Control Standards

Recording of a 110-minute CPE webinar with Q&A


Conducted on Wednesday, March 7, 2012


This teleconference will demystify confusing aspects of preparing SOC 1, SOC 2 and SOC 3 reports by audit advisors examining a service organization client's internal controls.

Description

Accounting firm auditors and clients have worked for months under the AICPA's Statement on Standards for Attestation Engagements No. 16 (SSAE 16), the U.S. standard for reporting on a business service provider's internal controls, and IASB International Standard on Assurance Engagements No. 3402 (ISAE 3402).

Aspects of producing a service organization's SOC 1, SOC 2 or SOC 3 controls report remain confusing. Which of the newer (compared with the SAS 70 regime) attestation rules, such as a required written management assertion and sub-service organization reporting, are causing the most difficulty for advisors?

When it comes to producing effective SOC 1, SOC 2 or SOC 3 reports on controls relevant to a user entity's financial statements, operations or compliance, early experiences of peer advisors in outside audits can prove invaluable.

Listen as our speakers offer experiences, alternatives and best practices for creating service organization controls reports under the terms and nuances of SSAE 16 and ISAE 3402 vs. SAS 70.

Outline

  1. Key terms of AICPA SSAE 16 and IASB ISAE 3402
    1. Key differences from AICPA SAS 70
      1. Assurance, attestation standards, as opposed to audit standard
      2. Written assertion by management required
      3. Written assertion, and letter of representation, required from sub-service organizations used
      4. Need for a more inclusive description of the service company’s system
      5. Clearer identification of risks threatening achievement of control objectives
      6. Other important terms of SSAE 16 and ISAE 3402
      7. What hasn’t changed from SAS 70
  2. Transitional issues with the new standards and controls reports
    1. SOC 1 reports on internal controls over financial reporting
    2. SOC 2 reports on controls over security and confidentiality
    3. SOC 3 reports on trust services for service organizations
  3. Preparing SOC 1, SOC 2 or SOC 3 reports going forward
    1. Peer experiences
    2. Recommended best practices
    3. Mistakes to avoid

Benefits

The panel will explore these and other important topics:

  • A review of the material terms of SSAE 16 and ISAE 3402, and of the goals for SOC 1, SOC 2 and SOC 3 reports.
  • An analysis of difficult issues in transitioning to SSAE 16 and ISAE 3402 and away from SAS 70.
  • Best practices for compiling SOC 1, SOC 2 or SOC 3 reports going forward.

Following the speaker presentations, you'll have an opportunity to get answers to your specific questions during the interactive Q&A.

Faculty

Suzanne Nersessian
Director, National Service Organization Controls Reporting
Deloitte & Touche

She has 22 years of experience and focuses on quality assurance and risk management issues for SSAE 16/ISAE 3402, SOC...

Ryan Buckner
Shareholder
BrightLine CPAs & Assoc.

He is a CPA and CISSP with more than 10 years of public accounting and IT auditing experience. He leads more than 75...

Nargiz Yusupova
Manager
P&N Consulting

She works for the consulting arm of the Postlethwaite & Netterville CPA firm, which she joined in 2010 after...

David Palmer
Managing Director
KPMG

He has more than 25 years of experience advising the financial services industry, particularly on IT audits and...
