Keys of SOC Reports - Following SSAE 18 Requirements

Overview

Today's businesses have seen a dramatic increase in the use of outsourced providers to assist with executing processes from payroll, accounts payable, information technology, benefit plan administration and many other core processes. These processes ultimately have an impact on an organization's internal control over financial reporting but also could impact compliance and operational issues

In 2011, the Statement on Standards for Attestation Engagements (SSAE) 16 replaced the former Statement on Auditing Standards (SAS) 70. In May 2017, a new standard, SSAE 18, superseded SSAE 16

The concepts covered in this course are referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should understand the various types of SOC reports, their intended use and their implication on a company's financial reporting process, regardless of your status as a publicly traded or privately held organization. The process can be complicated to understand as a user organization. Currently, several types of SOC Reports exist including:

SOC 1 - Type 1
SOC 1 - Type 2
SOC 2 - Type 1
SOC 2 - Type 2
SOC 3
Cybersecurity SOC

This course speaks briefly to the transition from SAS 70 to SSAE 16 and now SSAE 18. However, the focus is on the various Service Organization Control Reports, their purposes and uses

Highlights

Move from SAS 70 and SSAE 16 to SSAE 18
Types of Service Organizations
SOC 1 Engagements
Control Objectives
Reporting
SOC 1 and SOC 2 Reporting
SOC 3 Reports
Preparing for SOC Engagement
SOC Comparisons

Prerequisites

None

Designed For

CPAs, Corporate personnel working with SOC providers, consultants providing SOC reports

Objectives

Explore the transition of the accounting standards from Statement on Auditing Standards (SAS) 70 to Statement on Standards for Attestation Engagements (SSAE) 16 and now SSAE 18
Recognize the various types of service and subservice organizations
Explore procedures to conduct a SOC (Service Organization Control) 1 engagement, develop proper control objectives and determine specific reporting methods
Explore procedures to conduct and report on a SOC 2 engagement
Recognize the requirements for SOC 3 reports
Explore the SOC cybersecurity requirements
Recognize the requirements to prepare for a SOC engagement
Recognize the requirements for user entities

Preparation

None

Credits

Level

Code

Vendor

Fields of Study

Leader(s):

Lynn Fountain, Sole Proprietor

Leader Bios

Lynn Fountain, Sole Proprietor

Lynn Fountain, CGMA, CRMA, MBA, has over 30 years of experience in the business profession, which includes public and industry accounting and over 20 years within internal and external auditing combined. She is a nationally recognized trainer and speaker and also a published author. She is a subject matter expert and specializes in Internal Audit, Sarbanes-Oxley, Enterprise Risk Management, Fraud, Governance and Compliance. Ms. Fountain has held two Chief Audit Executive positions for international companies. She has also been instrumental in the establishment of ERM, Sarbanes-Oxley and Governance frameworks.

Ms. Fountain has developed and delivered leading edge training sessions on the new COSO framework and has assisted companies in identifying risk gap analysis in their individual processes. She currently executes two highly recognized e-workshops for the Institute of Internal Auditors, one on Fraud and the second on Ethics. Both workshops have incorporate aspects of COSO 2013.

Ms. Fountain is in the process of authoring a publication for the IIA Research Foundation on aspects of fraud auditing. The publication is due out in 2015. In addition, she has performed as an adjunct instructor for the School of Business for Grantham University and the School of Business at the University of Kansas. Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas.

Return to Top