HomeWebcastAICPA SSAE 16/SOC 1 and SOC 2 Reporting for Vendor Management
 CLE

AICPA SSAE 16/SOC 1 and SOC 2 Reporting for Vendor Management

Live Webcast Date: Friday, December 13, 2013 from 12:00 pm to 2:00 pm (ET)
CPE-Tax, Accounting and FinanceRecording

WhiJoin us for this Knowledge Group Webinar. le the risks represented by outsourced vendors (e.g., cloud service providers) is often very significant and increasing, many companies have not deployed effective governance practices over their vendors. Many companies are confused by SOC options and not requesting or requiring proper reporting, and not properly evaluating reporting that is provided. In many cases users simply check-the-box, and have a false sense of assurance that their risks are addressed. In other cases, users also conduct redundant surveys and on-site audits. 

It is vital for companies to have a thorough understanding of SOC Reporting options to help mitigate risks and manage relationships with respect to outsourced vendors. During this two-hour Webcast organized by The Knowledge Congress, a panel of leading practitioners will highlight approaches to leverage SOC reporting for vendor management and discuss topics such as the following:

Overview of SSAE 16/SOC 1 and SOC 2 and when they are applicable
How to determine what SOC reporting options are appropriate for your vendor management needs.
How to read and assess reporting required.
Determining whether SOC reporting meets your vendor management needs and alternative steps in event it does not.

Who Should Attend

-CPAs
-Audit Committee
-Internal Auditors
-IT Officers
-Risk & Compliance Managers
-CFOs
-Operations
-Senior Management
-Public Companies
-Private Companies
-And other interested professionals

Faculty

Daniel Schroeder, CPA
Partner-In-Charge
Habif, Arogeti & Wynne, LLP
Kelly A. O'Callaghan CPA CITP
Partner and IT Audit
CohnReznick LLP
Greg Ameden, CISA
Director of IT Assurance Services
Hancock Askew & Co LLP
Heather Bearfield, CISA, CISM, CRISC
Principal
Marcum LLP

Click Here to Read Additional Material

<strong id="ep-name-of-speaker">Daniel Schroeder, CPA , Partner-In-Charge</strong>
<em id="ep-speaker-firm">Habif, Arogeti & Wynne, LLP</em>
    How to apply it effectively
    Relavency
    Bad practices that’ve been seen
    Success stories
    
<strong id="ep-name-of-speaker">Kelly A. O'Callaghan CPA CITP, Partner and IT Audit – Practice Leader</strong>
<em id="ep-speaker-firm">CohnReznick LLP</em>
    1.    Purpose of the SOC 1 and SOC2 reports
        SOC 1- ICFR
        SOC2 – operational controls
    2.    Areas covered by SOC 1 vs. SOC2 reports
        For example, ITGC and/or transaction processing vs. Security, Availability, Confidentiality, Processing Integrity and/or Privacy
    3.    Applicability of reports based on vendor type
        For example, assess to what extent current users and prospects will be relying on the report (financial reporting purposes vs. governance)
    
<strong id="ep-name-of-speaker">Heather Bearfield, CISA, CISM, CRISC, Principal</strong>
<em id="ep-speaker-firm">Marcum LLP</em>
    Details of how to read and asses
    Understanding scope of report
    Carve outs
    
    
<strong id="ep-name-of-speaker">Heather Bearfield, CISA, CISM, CRISC, Principal</strong>
<em id="ep-speaker-firm">Marcum LLP</em>
    Details of how to read and asses
    Understanding scope of report
    Carve outs

Daniel Schroeder, CPA Partner-In-Charge Habif, Arogeti & Wynne, LLP

Dan is the partner-in-charge of Habif, Arogeti & Wynne’s Information Assurance Services practice that serves leading technology based companies on a national and international basis. Dan has over twenty-five years experience in IT management and risk management functions in both internal roles at a Fortune 100 company and in client serving roles with leading CPA firms. 

The services Dan oversees include: 
- Service Organization Control (SOC) reporting that replaced SAS 70,
- Security and Privacy compliance risk management, e.g., ISO 27001, PCI, HIPAA/HITECH, EU Safe Harbor, and banking regulations
- Security assessments including vulnerability scanning and penetration testing
- Data management and assurance

Dan is the immediate ex-chairperson of the AICPA Information Technology Executive Committee (ITEC) and serves on the AICPA task forces for Privacy and for SOC Reporting, and is lead designer of the new AICPA SOC reporting school. Dan is a frequent speaker and author on Information Assurance topics subjects including SOC reporting, security and privacy risk management, and data management.

Kelly A. O'Callaghan CPA CITPPartner and IT Audit CohnReznick LLP

Kelly A. O’Callaghan, CPA, CITP, is a partner with CohnReznick and has more than 18 years of diversified public accounting experience, including a concentration in auditing, IT audit, and accounting. Kelly is the Firm’s IT Audit Practice Leader and has extensive experience working with clients to meet their SOC 1 (Service Organization Controls examination under SSAE No. 16, formerly SAS No. 70), SOC 2, and SOC 3 needs. Kelly leads a dedicated IT Audit team that includes members with CPA, CISA, CITP, and CISSP credentials. She directs the IT audit procedures for approximately 200 financial statement audits and approximately 300 SOC 1 reviews related to employee benefit plan and financial statement audits.

Kelly has also developed an expertise in providing services to businesses in specialized industries, including hospitality, real estate, and not-for-profit. She leads the Hospitality Practice in CohnReznick’s New Jersey offices and provides strong leadership for the practice in all audit and governance areas. Kelly is currently the engagement partner for the American Institute of Certified Public Accountants and has been part of the audit team since 2000.

Greg Ameden, CISA Director of IT Assurance Services Hancock Askew & Co LLP

Greg Ameden is the Director of IT Assurance Services for Hancock Askew and leads the firm’s IT-related internal audit, risk advisory, and Service Organization Controls (SOC) reporting services. He has over 10 years of experience working in various information technology environments, starting in the IT field and then most recently 7 years at public accounting and advisory firms. Advising and assisting many organizations from a range of industries has enabled Greg to develop a deep understanding of business processes, operational control, and risk management principles. 

Greg has experience working with clients to identify and evaluate financial, compliance and operational risks as part of their SOC 1, SOC 2 and SOC 3 examinations. In addition to AICPA SOC reports, Hancock Askew also issues ISAE 3402 reports, the international equivalent to SOC reports.

Heather Bearfield, CISA, CISM, CRISCPrincipalMarcum LLP

Heather B. Bearfield is a Principal in the Marcum Boston office and serves as the National Technology Assurance Services Practice Group Leader. Ms. Bearfield has extensive experience with SOC engagements internal and external audits, application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing. Ms. Bearfield has comprehensive experience in multiple aspects of Risk Management across business operations including regulatory compliance. She executes compliance engagements according to various regulations. She identifies process and control weaknesses, analyzes complex systems and works with clients to streamline operations within time and resource constraints. Heather has her Masters of Business Administration from the University of Vermont.

Course Level:
   Intermediate

Advance Preparation:
   Print and review course materials

Method Of Presentation:
   On-demand Webcast

Prerequisite:
   NONE

Course Code:
   134508

NASBA Field of Study:
   Accounting

Total Credits:
    2.0 CLE

No Access

You are not logged in. Please or register to the event to gain access to the materials and login instructions.

About the Knowledge Group

The Knowledge Group

The Knowledge Group has been a leading global provider of Continuing Education (CLE, CPE) for over 13 Years. We produce over 450 LIVE webcasts annually and have a catalog of over 4,000 on-demand courses.

About the Knowledge Group

The Knowledge Group

The Knowledge Group has been a leading global provider of Continuing Education (CLE, CPE) for over 13 Years. We produce over 450 LIVE webcasts annually and have a catalog of over 4,000 on-demand courses.

Habif, Arogeti & Wynne, LLP is a leader in the CPA industry in providing risk management services to vendors and their customers. Our clients are leading cloud and technology service providers and companies that use those services in high risk industries such as healthcare and financial services and who need to meet the most stringent compliance and governance requirements.

Website: https://www.hawcpa.com/

With origins dating back to 1919, CohnReznick LLP is the 11th largest accounting, tax, and advisory firm in the United States, combining the resources and technical expertise of a national firm with the hands-on, entrepreneurial approach that today's dynamic business environment demands. CohnReznick serves a large number of diverse industries and offers specialized services for Fortune 1000 companies, owner-managed firms, international enterprises, government agencies, not-for-profit organizations, and other key market sectors.

Headquartered in New York, NY, CohnReznick serves its clients with more than 280 partners, 2,200 employees, and 26 offices. The Firm is a member of Nexia International, a global network of independent accountancy, tax, and business advisors. For more information, visit www.cohnreznick.com

Website: https://www.cohnreznick.com/

Hancock Askew & Co., LLP is a regional accounting, tax and advisory firm tracing its origins back to 1910. Hancock Askew’s professionals are focused on providing quality service and the personal attention each client deserves. This is demonstrated through our high partner and director level involvement on each of our engagements. Hancock Askew provides services for a range of clients comprised of Fortune 500 companies to small private businesses; federal, state and local government agencies and not-for-profit organizations; multinational, international and national companies. With offices in Savannah and Atlanta, Georgia, and as part of the BDO Seidman Alliance, the firm has the technical expertise and resources of an international firm.

Website: https://www.hancockaskew.com/

Marcum LLP is one of the largest independent public accounting and advisory services firms in the nation. Ranked among the top 20, Marcum LLP offers the resources of 1,200 professionals, including over 140 partners, in more than 20 offices throughout New York, New Jersey, Massachusetts, Connecticut, Pennsylvania, California, Florida, Grand Cayman and China. Headquartered in New York City, the Firm's presence runs deep with full-service offices strategically located in major business markets.

Website: https://www.marcumllp.com/

Ultimate Value Annual Program

Bring a colleague for only $149, a savings of $50 per additional attendee.

  • Unlimited Access to Live & Recorded Webcasts
  • Instant Access to Course Materials
  • And More!

$199