Acumen insight ideas attention reach expertise depth agility talent SAS 70 – Readiness Kick-off Presented by Rod Walsh.

Presentation transcript:

SAS 70 Solutions Agenda
- Definitions
- What is it?
- SAS 70 Report & Opinion
- SAS 70 Services
- Readiness Activities
- Team Members & Process Owners
- Samples & Documents
- Timeline

Service Organizations
- Service Organization – provider of services that may impact a user’s (client’s) financial statement
- Such as:
  - data centers
  - transaction / claims processing centers
  - application service providers
  - bank processing centers
- “Service auditor” issues an opinion on a service organization's description of controls

User Organizations
- Users of the Service Organization – typically considered your members or clients
- “User Auditor” (i.e. your client’s auditor) is auditing the financial statements of your client (the "user organization") that obtains services from you (the "service organization")
- User auditors want to have assurance that adequate controls are in place such that they can rely on the service organization’s assertions and services that may affect their client’s financial statements

Other Common Phrases
- Control Objective
- Control Activity
- User Controls
- Testing
- Supporting documentation
- Narrative

What is it?
- Statement on Auditing Standards (SAS) No. 70, Service Organizations (AICPA)
- Standardized report by an independent CPA ("service auditor") to issue an opinion on a service organization's description of controls
- Attestation Examination – Not an Audit (i.e. we are attesting to the representations made by management of the service organization)
- Not a “checklist” exercise

Types of Control Objectives
- Management provides a Risk and Standards Based Description of Controls, and specific Control Objectives and Activities that typically include:
  - Organizational Controls / Control Environment
  - IT General Controls – Program Development and Program Change
  - IT General Controls – Computer Operations and Access to Programs and Data
  - Application Controls – Business Cycle

Report Components (Section / Activity / Type I / Type II)
- Section I: Our Opinion. Type I: X; Type II: X
- Section II: Narrative Description of Controls (from you). Type I: X; Type II: X
- Section III: Control Objectives (Client Control Objectives & Activities; Testing Performed; Results). Type I: Optional; Type II: X
- Section IV: Non Audited Information (Glossary / Disaster Rec.). Optional

Meaning of a SAS 70 Opinion
- Result: BKD Opinion on controls as stated by Service Organizations’ Management
- Components of Type I & II Opinions
  - Description of Controls is a fair representation
  - Controls are Suitably Designed
  - Controls have been Placed in Operation
  - Tests of Controls indicate Controls are Operating Effectively*
*Component of a Type II opinion only

SAS 70 Services
- Readiness Engagement
- Preparatory Guidance
- Gap Analysis
- Type I SAS 70
- Type II SAS 70

Readiness Activities
- Organizational Review / Corporate organization
- Review of organization and management structures
- Identification and review of services / products to be examined
- Identify Key Technologies / Software
- Identify Key Third Parties

Readiness Activities
- Review process flow
  - By service / product area
  - Between and within sub corporations for identified processes
- Define process responsibilities
  - Client
  - Data Center
  - Key Third Parties

Readiness Activities
- Define Control Objectives and Activities (Using Process Documents and Samples)
  - Organizational Controls / Control Environment
  - IT General Controls – Program Development and Program Change
  - IT General Controls – Computer Operations and Access to Programs and Data
  - Application Controls – Business Cycle

Process Documents Review
- Sample Report
- Description of Controls Outline
- SAS 70 Overview
- Master Control Objectives
- Control Development / Process Owner Agenda
- Control Obj. & Activity Development Grid

Process Documents Review
- Sample User Controls
- Sample policy / procedure resources
- Testing examples

Readiness Activities
- Gap Assessment
- Remediation

Readiness Deliverables
- BKD Deliverables
  - Client Training / Samples / Mentoring
  - Readiness Assessment
  - Recommendations for Improvement to above documents
- Deliverables From Client
  - Description of Controls (Narrative)
  - Control Objectives & Activities
  - “Mapping” to Policy, Procedure & Documentation
  - User Considerations

SAS 70 Type I Activities
- Provided by Client (PBC)
  - Description of Controls
  - Control Objectives & Activities
  - “Mapping” to Policy, Procedure & Documentation
- BKD Deliverables
  - BKD staff according to IT / Process / Industry
  - Description of Controls is a fair representation
  - Controls Suitably Designed
  - Point in time sample testing for Existence
  - Report

SAS 70 Type II Activities
- PBC
  - Description of Controls
  - Control Objectives & Activities
  - “Mapping” to Policy, Procedure & Documentation
- BKD Deliverables
  - Type I Deliverables, plus -
  - Testing Design
  - Testing
  - Report

Timeline Discussion
- Assessment or Management Review
- Type I / II Activities
- Target Report Date

Thank you