Download Presentation - Plante Moran
Download Presentation - Plante Moran Download Presentation - Plante Moran
Introduction Although a company may outsource tasks to a service organization, company management retains its responsibility for the outsourced tasks and the manner in which they are performed. For this reason, it is important for service organizations to provide their customers with sufficient information about the system used to perform outsourced tasks. In order to provide customers with assurance that stakeholder expectations are met, a service organization needs a process for: Developing procedures to identify risks resulting from its outsourcing relationships. Assessing those risks. Identifying controls at the service organizations that address the risks. Evaluating the suitability of the design and operating effectiveness of the service organization’s controls. Implementing and maintaining controls to address risks not addressed by controls at the service organization. 4
Service Organizations that need a SOC review Medical & insurance claims processors Cloud Computing / Software as a service Data Center Hosting Payroll processing Loan servicing Mortgage servicers Custodians for investment companies Sub-service Organizations 5
- Page 1 and 2: Service Organizations Control (SOC)
- Page 3: Introduction Many companies functio
- Page 7 and 8: Benefits to User Organization User
- Page 9 and 10: Reasons for New Standard Clear con
- Page 11 and 12: SOC - Types of Engagements Regardle
- Page 13 and 14: SOC 1 Control Objective Examples IT
- Page 15 and 16: SAS 70 vs. SSAE 16 Report Date Plan
- Page 17 and 18: Preparing for a SOC Review (cont.)
- Page 19 and 20: Preparing for a SOC Review (cont.)
- Page 21 and 22: Case Study - Risk Assessment Object
- Page 23 and 24: During the SOC Review Types of Test
- Page 25 and 26: Reporting Types of Opinions Unqual
- Page 27 and 28: Management Assertion (additional re
- Page 29 and 30: SOC Seals & Logos There are three
Introduction<br />
Although a company may outsource tasks to a service organization, company management retains its<br />
responsibility for the outsourced tasks and the manner in which they are performed. For this reason, it is<br />
important for service organizations to provide their customers with sufficient information about the system<br />
used to perform outsourced tasks. In order to provide customers with assurance that stakeholder<br />
expectations are met, a service organization needs a process for:<br />
Developing procedures to identify risks resulting<br />
from its outsourcing relationships.<br />
Assessing those risks.<br />
Identifying controls at the service organizations<br />
that address the risks.<br />
Evaluating the suitability of the design and<br />
operating effectiveness of the service<br />
organization’s controls.<br />
Implementing and maintaining controls to address<br />
risks not addressed by controls at the service<br />
organization.<br />
4