Presentation is loading. Please wait.

Presentation is loading. Please wait.

SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports.

Published byZain Poynter Modified over 9 years ago

Similar presentations

Presentation on theme: "SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports."— Presentation transcript:

1 SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports

2 American Institute of CPAs SAS No. 70, Service Organizations Standard for reporting on a service organization’s controls affecting user entities’ financial statements Misuse: “SAS 70 Certified” or “SAS 70 Compliant” Controls related to subject matter other than internal control over financial reporting Only for use by service organization management, existing user entities and their auditors

3 American Institute of CPAs Other Service Organization Control (SOC) Reports Marketplace demand for detailed report on controls on subject matter other than internal control over financial reporting Security Availability Processing integrity Confidentiality Privacy Cloud computing, outsourcing elevated issue

4 American Institute of CPAs How AICPA Addressed Issues Split SAS 70 into two standards: one for service auditors (SSAE 16), the other for user auditors (effective for 2012 year-end audits) Recognized need for assessment of controls over security, availability, processing integrity, confidentiality or privacy Brought together all options for reporting on controls at service orgs Supported public interest by helping CPAs/service orgs correctly apply and use the standards

5 American Institute of CPAs SERVICE ORGANIZATION CONTROL REPORTS SM 3 reports to help service organizations demonstrate reliability CPA, client determine proper engagement for market need SOC logo for service org’s marketing, websites Information on SOC reports: aicpa.org/soc

6 American Institute of CPAs For CPAs who provide the services that result in a SOC 1 SM, SOC 2 SM or SOC 3 SM report For service organizations that had a SOC 1 SM, SOC 2 SM or SOC 3 SM engagement within the past year SOC Report Logos

7 American Institute of CPAs Brochure on SOC Engagements Provides history of service organization reporting Explains the 3 SOC reporting options Free, online at aicpa.org/SOC

8 American Institute of CPAs New Standards and Names Trust Services Principles and Criteria

9 American Institute of CPAs SOC 1 SM Report (restricted use) Report on controls at a service organization relevant to a user entity’s internal control over financial reporting Engagement performed under: SSAE 16 (auditor obtains same level of evidence and assurance as in SAS 70 service auditor engagement) AICPA Guide, Applying SSAE No. 16, Reporting on Controls at a Service Organization Contents of report package: Description of service organization’s system CPA’s opinion on fairness of description, suitability of design, operating effectiveness of controls

10 American Institute of CPAs SSAE 16: New Requirement for Written Assertion Service auditor must obtain written assertion from service organization’s management about the fairness of the presentation of the description of the service organization’s system and about the suitability of the design For type 2 engagements, operating effectiveness of the controls must be included in assertion Assertion will either accompany service auditor’s report or be included in description of service organization’s system

11 American Institute of CPAs SOC 1 SM Reports – Type 1 and Type 2 Both report on the fairness of the presentation of management’s description of the service organization’s system, and… Type 1 also reports on the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date Type 2 also reports on the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period

12 American Institute of CPAs SOC 2 SM Report (use determined by auditor) Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy Engagement performed under: AT 101, Attestation Engagements AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy Contents of report package same as SOC 1

13 American Institute of CPAs SOC 2 SM Reports – Type 1 and Type 2 Both report on management’s description of a service organization’s system, and … Type 1 also reports on suitability of design of controls Type 2 also reports on suitability of design and operating effectiveness of controls

14 American Institute of CPAs SOC 3 SM Report (general use) Trust Services Report for Service Organizations Engagement performed under: AT 101, Attestation Engagements AICPA TPA, Trust Services Principles, Criteria and Illustrations Contents of report package: CPA’s opinion on whether entity maintained effective controls over its system A seal can be issued on service organization’s website (if CPA is so licensed by CICA)

15 American Institute of CPAs SOC 3 Seal

16 American Institute of CPAs Report Comparison Who the users areWhyWhat SOC 1 SM Users’ controller’s office and user auditors Audits of f/sControls relevant to user financial reporting SOC 2 SM Management Regulators Others GRC programs Oversight Due diligence Concerns regarding security, availability, processing integrity, confidentiality or privacy SOC 3 SM Any users with need for confidence in service organization’s controls Marketing purposes; detail not needed Seal and easy to read report on controls

17 American Institute of CPAs Which SOC Report Is Right for You? Will report be used by your customers and their auditors to plan/perform an audit of their financial statements? YesSOC 1 SM Report Will report be used by customers and/or stakeholders to gain confidence and place trust in a service organization’s system? YesSOC 2 SM or SOC 3 SM Report Do you need to make report generally available or seal? YesSOC 3 SM Report

18 American Institute of CPAs Deciding Between SOC 2 SM and SOC 3 SM Reports YesSOC 2 SM Report NoSOC 3 SM Report Do your customers have the need for/ ability to understand the details of processing and controls at a service organization, the tests performed by the service auditor and results of those tests?

19 American Institute of CPAs More information on AICPA.org/SOC

20 American Institute of CPAs … And on CPA2Biz.com

Download ppt "SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports."

Similar presentations

Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.

Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Additional Assurance Services: Other Information

Additional Assurance Services: Other Information
Table of contents Overview of third-party assurance reporting AT 101, 201, and 601 reports SOC 1, 2, and 3 reports SOC 2 deep-dive.

Table of contents Overview of third-party assurance reporting AT 101, 201, and 601 reports SOC 1, 2, and 3 reports SOC 2 deep-dive.
CHAPTER 1 AUDITING AND THE PUBLIC ACCOUNTING PROFESSION Fall 2007 u What is auditing? u Types of Audits u Independent Auditor Relationships u Services.

CHAPTER 1 AUDITING AND THE PUBLIC ACCOUNTING PROFESSION Fall 2007 u What is auditing? u Types of Audits u Independent Auditor Relationships u Services.
©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2010 Prentice Hall Business Publishing, Auditing 13/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 2 - 1 The CPA Profession Chapter 2.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley The CPA Profession Chapter 2.
Audit and Assurance services

Audit and Assurance services
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.

Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.
March 6, 2012 SOC Reporting: What is New in the Audit Guides?

March 6, 2012 SOC Reporting: What is New in the Audit Guides?
Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.

Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.
Chapter 20 Additional Assurance Services: Other Information

Chapter 20 Additional Assurance Services: Other Information
American Institute of CPAs ® An Overview of the New Comprehensive Definition of Attest Gary McIntosh AICPA Co-Chair, Uniform Accountancy Act Committee.

American Institute of CPAs ® An Overview of the New Comprehensive Definition of Attest Gary McIntosh AICPA Co-Chair, Uniform Accountancy Act Committee.
Chapter 21 Assurance, Attestation, and Internal Auditing Services Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.

Chapter 21 Assurance, Attestation, and Internal Auditing Services Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
The Role of the Public Accountant in the American Economy.

The Role of the Public Accountant in the American Economy.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
1 ACC 3303: AUDITING 2 Assurance Services ?? Need for Assurance ? Illustration using an Audit Engagement as an example.

1 ACC 3303: AUDITING 2 Assurance Services ?? Need for Assurance ? Illustration using an Audit Engagement as an example.
Third Party Reporting © 2008 Ernst & Young LLP. All rights reserved. For Internal Use Within EY Only; Not for Distribution to Clients. Third Party Reporting.

Third Party Reporting © 2008 Ernst & Young LLP. All rights reserved. For Internal Use Within EY Only; Not for Distribution to Clients. Third Party Reporting.
Module A1 Other Public Accounting Services ACCT 4080.

Module A1 Other Public Accounting Services ACCT 4080.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.

Similar presentations

Ads by Google