Service Organization Control Reports

Webcast :  The purpose of this 2 hour video webcast is to provide better understanding on how the replacement of SAS 70 reports by three new reporting options affects their risks and assurance concerns.
Published on April 30, 2012

IT Assurance Services

Article :  Assurance Services are independent professional services that improve information quality or its context. The major purpose of assurance services is to provide independent and professional opinions that improve the quality of information to management as well as other decision makers within an organization.
Published on April 30, 2012

Service Organization Control Reporting

Article :  Today, it is common for entities to outsource business tasks or functions to service organizations, even those that are core to an entity’s operations. Although user entities may rely on a service organization to perform outsourced tasks or functions, the user entity still retains responsibility (and the risks associated) for
Published on April 27, 2012

SOC 2 and SOC - 8 Steps to Success

Article :  This is a brief summary article to introduce an eight-step approach for organizations undertaking a SOC 2SM and/or SOC 3SM report for the first time. With the AICPA’s reintroduction of the Trust Services principles, which provides guidance to nonfinancial controls, service organizations now have a new mechanism for satisfying their
Published on April 24, 2012

Quick Reference Guide to SOC Reporting

Guide :  The Quick Reference Guide to Service Organization Control Reports is a reference that addresses key topics that may arise when user entities are determining which type of SOC report best meet their needs. The AICPA has established three service organization control (SOC) reporting options (SOC 1SM, SOC 2SM, and SOC
Published on April 24, 2012

CAATTs Ideal for Efficient Audits

Article :  The audit climate has seen dramatic changes over the last few years. With auditing standards issued and revised by the Public Company Accounting Oversight Board and the newly effective audit risk standards issued by the AICPA, there is a renewed emphasis on risk identification, evaluation of controls, and certain key
Published on January 28, 2011

How CAATTs Identifies Potentially Fraudulent Activities

Article :  This case study from Mark Mayberry explores how Computer Assisted Auditing Tools and Techniques (CAATTs) enabled him to discover fraud in a very short timeframe – all thanks to technology.
Published on January 28, 2011

Standards

Overview :  These resources help support the CPAs effort towards achieving a level of quality when providing assurance services. When used appropriately, the CPA can provide independent and professional opinions that improve the quality of information to management as well as other decision makers within an organization.
Published on December 28, 2010

Guidance

Guide :  The guidance set forth provides the CPA with direction and best practices towards improving information quality and managing information risk towards providing independent and professional opinions that improve the quality of information given to management as well as other decision makers within an organization.
Published on April 17, 2010

Assurance & Compliance Applications

Article :  This topic's emergence reflects a powerful movement by accounting technology professionals to apply process management principles and technology to drive significant improvements to the activities associated with executing and documenting Sections 302 and 404 of the Sarbanes-Oxley Act of 2002.
Published on March 18, 2010

SAS No. 70, Service Organizations

Professional Standards :  SAS No. 70 provides guidance on the factors an independent auditor should consider when auditing the financial statements of an entity that uses a service organization to process certain transactions. It also provides guidance for independent auditors who issue reports on the processing of transactions by a service organization for
Published on March 17, 2010

GTAG 4 - Management of IT Auditing

Guide :  Posted with permission by The Institute of Internal Auditors.  GTAG 4: Management of IT Auditing covers how to define IT strategy, evaluate IT-related risk, execute IT Audit, manage the IT Audit function and features some of the emerging issues affecting this area.
Published on February 04, 2010

GTAG 11 - Developing the IT Audit Plan

Guide :  Help for CAEs & internal auditors in understanding the organization and level of IT support received, the IT environment, identifying the role of risk assessment in the IT audit universe, and the annual IT audit plan.
Published on July 01, 2008

GTAG 3 - Continuous Auditing Implications for Assurance, Monitoring, and Risk Assessment

Guide :  Guidance for chief audit executives (CAEs) on how to implement an ideal strategy combining continuous auditing and continuous monitoring solutions to address challenges of compliance.
Published on June 26, 2008

GTAG 2 - Change & Patch Management Controls Critical for Organizational Success

Guide :  Guidance developed to help CAEs ask the right questions of IT organizations to assess its change management capability. Assess the overall level of process risk and determine if a more detailed process review may be necessary.
Published on June 26, 2008