When SSAE 16 replaced SAS70 as the standard for auditing service organizations, the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) expected that their guidance would be sufficient for CPA firms to develop quality engagements. Although well-known CPA firms embraced SSAE 16 and conducted thorough audits of service organizations, some firms that competed for these engagements on price were less thorough. The ASB took notice and decided to clarify the standards they originally intended for auditing service organization controls. The result of this effort is SSAE 18 which encompasses all "attestation" engagements, not just the audits of service organization controls. However, SSAE 18 does not address audits of "trust service principles" that are part of SSAE 16, SOC 2 and SOC 3 engagements. SOC 2 and SOC 3 engagements continue under SSAE 16.
Objectives of the Presentation
During this important webinar, Gary Deutsch will discuss:
Why Should you Attend
- What has changed and what is the same in the transition from SSAE 16 to SSAE 18
- How to evaluate when you can rely on SSAE 16 reports or if you need SSAE 18 reports
- How to interpret SSAE 18 SOC 1 reports to incorporate the results into your third-party vendor management regulatory compliance program
- How to effectively incorporate SSAE 18 SOC 1 risk assessments into your institution's risk assessment process
- Understand the types of engagements institutions can ask for beyond SOC 1 under SSAE 18
SSAE 18 is important to bankers because it requires CPAs to focus on such critical regulatory issues as third party vendor management practices, validating the data on reports that vendor management provides, and performing a comprehensive risk assessment of their vendor clients. These expended procedures are all directed at ensuring that the vendor's controls will not adversely impact the accuracy of the institution's financial reports. Another important addition in SSAE 18 is the need for vendors to conduct thorough due diligence and ongoing monitoring on all vendors (i.e., sub servicers) they use. Control risks increase when your vendors contract with sub servicers which are why the ASB expanded this part of the required audit process.
Please join Gary Deutsch, CPA MBA, for this timely webinar that has been developed to help you prepare for examinations of your third-party risk management program.
Who will Benefit
- Internal auditors
- Financial Institution Counsel
- Compliance Officers
- IT officers
- Risk Managers
- Vendor Managers
- Finance Officers
- Chief Operations Officers
- Chief Information Officers
- Persons responsible for electronic security
This is a 90 minutes Recorded Video Program wherein the speaker will join at the end for the Q&A session to answer your queries.