Out With SAS 70 – In With SSAE 16: Are You Ready?

Chris Schellman is the president and founder of SAS 70 Solutions, Inc., one of the largest providers of SAS 70 and SSAE 16 services in the United States. Having led over 600 SAS 70 audits, Chris is one of the most experienced service auditors in the world and currently spends a significant amount of time educating others on the topic. Chris is a former “Big 4” executive and maintains the designations of CPA, CISSP, CISA, CIA and PCI-QSA. He currently resides in Tampa, Florida, with his wife and four children. 

Chris Kradjan is the National Leader for the SAS 70 and Technology Practices for Moss Adams. He has been with Moss Adams since 1994, and has been auditing and consulting since 1992. Chris works routinely with private and public sector clients, and has been involved with SAS 70 audits for a wide range of complex technology-based service organizations. His practice areas include SAS 70 auditing, internal controls reviews, Sarbanes-Oxley compliance services, SysTrust/WebTrust audits, and independent technology assessments. Furthermore, Chris is regularly involved with technology and financial controls assessments based on the COBIT, ITIL, ISO and COSO frameworks. He is responsible for quality assurance involving SAS 70 audits performed by Moss Adams. In addition, Chris has developed and continues to maintain oversight of the firm’s SAS 70 audit and technology review compliance practices, and is leading the firm’s effort to transition from SAS 70 to SSAE 16. He holds a Bachelor of Arts in Business Administration from Western Washington University, is a Certified Public Accountant (CPA) licensed to practice in a various states, and is a member of the Information Systems Audit and Control Association (ISACA). 

Suzanne is the National SAS 70 Risk Leader for Deloitte & Touche LLP and has more than 21 years of experience in both Boston and London. In her role, Suzanne focuses on quality assurance and risk management issues for SAS 70 and SSAE 16/ISAE 3402 engagements, both in the United States and globally. She led the effort to develop Deloitte & Touche LLP’s SAS 70 policies, guidance and global training and has a current focus on the new SSAE 16 and ISAE 3402 standards. Suzanne was also a member of the ASB’s Service Organizations Task Force, which developed SSAE 16, and is currently on the ASB’s Task Force relating to the forthcoming SSAE 16 practitioner audit guide. 

Judith M. Sherinsky, CPA is a technical manager in the AICPA's Audit and Attest Standards Group. In addition to drafting audit and attestation standards with task forces of the Auditing Standards Board, she also develops engagements that are applications of the attestation standards to subject matter other than financial statements, for example, XBRL, SEC rules related to investment companies and advisers, and internal control over derivatives for insurance companies. She has staffed the Service Organizations Task Force since coming to the AICPA 20 years ago and is currently working on a new guide to help CPAs implement SSAE no. 16. Prior to joining the AICPA, she was an auditor with Mendelsohn Kary Bell & Natoli in NYC and prior to that an elementary school teacher.