SOC and SSAE 18 Reporting: Practical Tips and Strategies Explored
As of May 1, 2017, the American Institute of Certified Public Accountants (AICPA) implemented the Statement on Standards for Attestation Engagements (SSAE) 18. This updated standard requires companies to take full control and responsibility of their internal controls and to enhance their risk assessment procedures. Mainly focusing on service organizations and third-party vendors, the changes were intended to enhance Service Organization Control (SOC) reports' quality and usefulness.
To ensure compliance with SSAE 18, companies must understand and address the challenges of internal controls reporting process. A number of considerations must also be taken into account to save money, effort, and time.
In this LIVE Webcast, seasoned CPAs Steve Guarini (Cohen & Company) and Shabbir Hassanali (Mazars USA LLP) will help companies understand the attestation changes under SSAE 18. As experts, they will provide an in-depth discussion of the recent updates about SSAE 18 and its pros and cons. Speakers will also offer practical tips and best practices in minimizing risks and in complying with SSAE 18.
Key topics include:
- SSAE 18 Audit Standard Updates
- Pros and Cons of SSAE
- Addressing Risk
- Best Compliance Practices
- Identify the facts about and the importance of SOC and SSAE 18 reporting
- Recognize the role of subservice organizations and related vendor management, risk assessment, and a management’s assertion in SOC and SSAE 18 reporting
Shabbir Hassanali, CPA, CITP, CISA, Director
Mazars USA LLP
- Overview of SOC reports SOC 1, 2, 3 , Type 1, Type 2)
- Benefits and importance of SOC reporting
- Addressing contractual obligations
- Address data accuracy and data security risks – marketplace concerns
- Providing transparency to internal/external stakeholders over internal control environment
- Stay and remain competitive in the market
- History of SOC reporting standards – SAS70 –> SSAE 16 -> SSAE 18 -> SOC 2
Steve Guarini, CPA, CGMA, Partner
Cohen & Company
- Subservice organizations and related vendor management and the role it plays in SOC reporting
- SOC in a smaller organization – how to make it work
- Exactly what is the “assertion” that management must provide with a SOC report – why is it needed?
- Risk assessment – exactly what do we need to do?
Who Should Attend:
- Information Security Professionals
- Information Technology Managers
- Chief Compliance Officers
- Chief Risk Officers
- Internal Auditors
- Chief Financial Officers
- Corporate Counsel
Shabbir has a decade of experience providing cross-functional services to clients, including SOC reporting, financial and IT assurance and advisory, risk management, SOX 404 compliance and forensic accounting for multiple mid-sized to large companies. Shabbir performs and leads System and Organization Controls (SOC) audits, including readiness assessments, gap analysis, documentation of process narratives, testing and remediation of business and IT controls, and preparation and issuance of reports. He also has substantial experience in advisory services including managing several internal audit outsourcing/co-sourcing projects through developing and executing financial and IT risk assessments, and assessing IT general, application and cybersecurity processes and controls to determine if controls are suitably designed and operating effectively relative to the clients’ size, complexity and risk appetite.
Shabbir has a decade of experience providing cross-functional services to clients, including SOC reporting, financial and IT assurance and advisory, …
Steve brings a real energy to client engagements. Trusted for both his technical and business savvy, he continuously seeks ways to improve and grow, including learning about new ideas and techniques that may help clients achieve greater success. Steve remains dedicated to working beyond what is expected without being asked, communicating early and often, and treating clients and colleagues with respect.
With more than 30 years as a CPA, including national firm experience, Steve is one of the firm’s technical resources for the application and implementation of audit and attest requirements, as well as the proper presentation of GAAP financial statement disclosures. He also has deep expertise in the area of SOC 1 and SOC 2 reports. In addition to not-for-profit entities, Steve works with clients in a variety of industries, including manufacturing and distribution.
Steve brings a real energy to client engagements. Trusted for both his technical and business savvy, he continuously seeks ways …
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE); Group-Internet Based
General knowledge on audit reports and standards
NY Category of CLE Credit:
Areas of Professional Practice
NASBA Field of Study:
Auditing - Technical
1.0 CPE (Not eligible for QAS (On-demand) CPE credits)
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About Mazars USA LLP
Mazars USA LLP is a high-performing accounting, tax and consulting firm with significant national presence in strategic US geographies. Since 1921, our dedicated professionals have leveraged technical industry expertise to develop customized solutions for clients, create value, and Optimize their performance. We offer a broad array of industry specialists providing services to growth-oriented enterprises and individuals. As the independent US member firm of Mazars Group, we deliver seamless access to the expertise of 23,000 professionals in 89 countries.
At local and global levels, we are proud of our value-added services, building lasting relationships with our clients and communities. For more information, visit us at www.mazarsusa.com.
About Cohen & Company
Ranked as the 5th fastest growing accounting firm in the country, Cohen & Company offers assurance, tax and advisory services to clients throughout the U.S. and worldwide. The firm serves a broad range of clients, from privately held companies and their owners; to public and private funds, advisors and fund service providers within the investment industry; to Fortune 1000 multinational enterprises. Cohen & Company was founded in 1977; has more than 650 associates in Illinois, Ohio, Maryland, Michigan, New York, Pennsylvania and Wisconsin; and has an international presence in the Cayman Islands and Ireland. Learn more at cohencpa.com.