Presentation is loading. Please wait.

Presentation is loading. Please wait.

Acumen insight ideas attention reach expertise depth agility talent SAS 70 – Readiness Kick-off Presented by Rod Walsh.

Published byCody Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "Acumen insight ideas attention reach expertise depth agility talent SAS 70 – Readiness Kick-off Presented by Rod Walsh."— Presentation transcript:

1 acumen insight ideas attention reach expertise depth agility talent SAS 70 – Readiness Kick-off Presented by Rod Walsh

2 acumen insight ideas attention reach expertise depth agility talent SAS 70 Solutions Agenda  Definitions  What is it?  SAS 70 Report & Opinion  SAS 70 Services  Readiness Activities  Team Members & Process Owners  Samples & Documents  Timeline

3 acumen insight ideas attention reach expertise depth agility talent Service Organizations  Service Organization – provider of services that may impact a user’s (client’s) financial statement  Such As:  data centers  transaction / claims processing centers  application service providers  bank processing centers  “Service auditor“ issues an opinion on a service organization's description of controls

4 acumen insight ideas attention reach expertise depth agility talent User Organizations  Users of the Service Organization – typically considered your members or clients  “User Auditor”: (i.e. your client’s auditor) is auditing the financial statements of your client (the "user organization“) that obtains services from you (the "service organization“)  User auditors want to have assurance that adequate controls are in place such that they can rely on the service organization’s assertions and services that may affect their client’s financial statements

5 acumen insight ideas attention reach expertise depth agility talent Other Common Phrases  Control Objective  Control Activity  User Controls  Testing  Supporting documentation  Narrative

6 acumen insight ideas attention reach expertise depth agility talent What is it?  Statement on Auditing Standards (SAS) No. 70, Service Organizations, (AICPA)  Standardized report by an independent CPA ("service auditor") to issue an opinion on a service organization's description of controls  Attestation Examination – Not an Audit (i.e. we are attesting to the representations made by management of the service organization)  Not a “checklist” exercise

7 acumen insight ideas attention reach expertise depth agility talent Types of Control Objectives  Management provides a Risk and Standards Based Description of Controls, and specific Control Objectives and Activities that typically include:  Organizational Controls / Control Environment  IT General Controls – Program Development and Program Change  IT General Controls – Computer Operations and Access to Programs and Data  Application Controls – Business Cycle

8 acumen insight ideas attention reach expertise depth agility talent Report Components SectionActivityType IType II IOur OpinionXX IINarrative Description of Controls (from you) XX IIIControl Objectives:  Client Control Objectives & Activities  Testing Performed  Results OptionalX IVNon Audited Information (Glossary / Disaster Rec.) Optional

9 acumen insight ideas attention reach expertise depth agility talent Meaning of a SAS 70 Opinion  Result: BKD Opinion on controls as stated by Service Organizations’ Management  Components of Type I & II Opinions  Description of Controls is a fair representation  Controls are Suitably Designed  Controls have been Placed in Operation  Tests of Controls indicate Controls are Operating Effectively* *Component of a Type II opinion only

10 acumen insight ideas attention reach expertise depth agility talent SAS 70 Services  Readiness Engagement  Preparatory Guidance  Gap Analysis  Type I SAS 70  Type II SAS 70

11 acumen insight ideas attention reach expertise depth agility talent Readiness Activities  Organizational Review / Corporate organization  Review of organization and management structures  Identification and review of services / products to be examined  Identify Key Technologies / Software  Identify Key Third Parties

12 acumen insight ideas attention reach expertise depth agility talent Readiness Activities  Review process flow  By service / product area  Between and within sub corporations for identified processes  Define process responsibilities  Client  Data Center  Key Third Parties

13 acumen insight ideas attention reach expertise depth agility talent Readiness Activities  Define Control Objectives and Activities (Using Process Documents and Samples)  Organizational Controls / Control Environment  IT General Controls – Program Development and Program Change  IT General Controls – Computer Operations and Access to Programs and Data  Application Controls – Business Cycle

14 acumen insight ideas attention reach expertise depth agility talent Process Documents Review  Sample Report  Description of Controls Outline  SAS 70 Overview  Master Control Objectives  Control Development / Process Owner Agenda  Control Obj. & Activity Development Grid

15 acumen insight ideas attention reach expertise depth agility talent Process Documents Review  Sample User Controls  Sample policy / procedure resources  Testing examples

16 acumen insight ideas attention reach expertise depth agility talent Readiness Activities  Gap Assessment  Remediation

17 acumen insight ideas attention reach expertise depth agility talent Readiness Deliverables  BKD Deliverables  Client Training / Samples / Mentoring  Readiness Assessment  Recommendations for Improvement to above documents  Deliverables From Client  Description of Controls (Narrative)  Control Objectives & Activities  “Mapping” to Policy, Procedure & Documentation  User Considerations

18 acumen insight ideas attention reach expertise depth agility talent SAS 70 Type I Activities  Provided by Client (PBC)  Description of Controls  Control Objectives & Activities  “Mapping” to Policy, Procedure & Documentation  BKD Deliverables  BKD staff according to IT / Process / Industry  Description of Controls is a fair representation  Controls Suitably Designed  Point in time sample testing for Existence  Report

19 acumen insight ideas attention reach expertise depth agility talent SAS 70 Type II Activities  PBC  Description of Controls  Control Objectives & Activities  “Mapping” to Policy, Procedure & Documentation  BKD Deliverables  Type I Deliverables, plus -  Testing Design  Testing  Report

20 acumen insight ideas attention reach expertise depth agility talent Timeline Discussion  Assessment or Management Review  Type I / II Activities  Target Report Date

21 acumen insight ideas attention reach expertise depth agility talent Thank you

Download ppt "Acumen insight ideas attention reach expertise depth agility talent SAS 70 – Readiness Kick-off Presented by Rod Walsh."

Similar presentations

AUDITING : AN OVERVIEW. Auditing defined It is a critical and systematic examination or review of accounting reports, documents, records, procedures and.

AUDITING : AN OVERVIEW. Auditing defined It is a critical and systematic examination or review of accounting reports, documents, records, procedures and.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
SAS 70 Third Party Report on Controls Overview and Timetable Finance / Audit Committee Meeting Austin, Texas January 14, 2003/ February 18, 2003.

SAS 70 Third Party Report on Controls Overview and Timetable Finance / Audit Committee Meeting Austin, Texas January 14, 2003/ February 18, 2003.
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.

Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.
March 6, 2012 SOC Reporting: What is New in the Audit Guides?

March 6, 2012 SOC Reporting: What is New in the Audit Guides?
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 21-1 Chapter 21 CHAPTER 21 ASSURANCE, ATTESTATION, AND OTHER FORMS OF SERVICES.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved Chapter 21 CHAPTER 21 ASSURANCE, ATTESTATION, AND OTHER FORMS OF SERVICES.
1 ACC 3303: AUDITING 2 Assurance Services ?? Need for Assurance ? Illustration using an Audit Engagement as an example.

1 ACC 3303: AUDITING 2 Assurance Services ?? Need for Assurance ? Illustration using an Audit Engagement as an example.
Third Party Reporting © 2008 Ernst & Young LLP. All rights reserved. For Internal Use Within EY Only; Not for Distribution to Clients. Third Party Reporting.

Third Party Reporting © 2008 Ernst & Young LLP. All rights reserved. For Internal Use Within EY Only; Not for Distribution to Clients. Third Party Reporting.
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.

Assurance and Attestation Services BA 427 Winter 2007 Substantive Procedures Glenn Lovett, Shareholder.
OTHER SERVICES AND REPORTS. STATEMENTS FOR CPAS PROVIDING ACCOUNTING AND AUDITING SERVICES 1939 - COMMITTEE ON AUDITING PROCEDURES –STATEMENTS ON AUDITING.

OTHER SERVICES AND REPORTS. STATEMENTS FOR CPAS PROVIDING ACCOUNTING AND AUDITING SERVICES COMMITTEE ON AUDITING PROCEDURES –STATEMENTS ON AUDITING.
5-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Audit Planning.

5-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Audit Planning.
IT Security Auditing Martin Goldberg.

IT Security Auditing Martin Goldberg.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Professional Standards. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 2-2 Generally Accepted Auditing Standards-- General.

Professional Standards. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 2-2 Generally Accepted Auditing Standards-- General.
Mª ANGELA JIMENEZ 1 UNIT 4. EXTERNAL AUDIT BASIS CONCEPTS.

Mª ANGELA JIMENEZ 1 UNIT 4. EXTERNAL AUDIT BASIS CONCEPTS.
The Camp Audit “Keep your friends close and your auditor closer”

The Camp Audit “Keep your friends close and your auditor closer”
Learning Objectives LO1 Outline six general audit techniques for gathering evidence. LO2 Identify the procedures and sources of information auditors can.

Learning Objectives LO1 Outline six general audit techniques for gathering evidence. LO2 Identify the procedures and sources of information auditors can.
ISA 220 – Quality Control for Audits of Historical Financial Information

ISA 220 – Quality Control for Audits of Historical Financial Information
SAS 70 (Statement on Auditing Standards No. 70) Kelley Piner Charles Roberts Ashley Walker.

SAS 70 (Statement on Auditing Standards No. 70) Kelley Piner Charles Roberts Ashley Walker.

Similar presentations

Ads by Google