CPA - small firm
CPA - medium firm
CPA - large firm
In today’s interconnected business landscape, organizations rely on third-party services and outsourcing to enhance efficiency and profitability. However, this reliance introduces risks related to the accuracy of data processed, as well as data protection and control. System and Organization Controls (SOC) reporting provides a framework to address these concerns and build trust with stakeholders.
This course covers the different types of SOC reports and their benefits, as well as the scope and evolution of SOC reporting. Attendees will gain an understanding of the four types of SOC reports, including SOC 1, which focuses on controls relevant to financial reporting; SOC 2, which assesses controls related to security, availability, processing integrity, confidentiality, and privacy; SOC 3, which requires a SOC 2 and utilizes a more concise reporting structure intended for public use; and custom attestation reporting, which provides tailored solutions to meet specific industry or customer requirements.
This course will detail the benefits of SOC reporting including enhanced transparency with internal and external stakeholders, reducing compliance costs and audit time, and meeting contractual obligations effectively. Join us to gain insights into SOC reporting, understand its impact, and learn how to build trust through adequate controls.
This presentation is part one of a three-part series.
Part 2: SOC 1 Reporting
Part 3: SOC 2 Reporting
Learning Objectives:
- Define the different types of SOC reports (SOC 1, SOC 2, SOC 3, and custom attestation reporting) and the specific controls and assurances they assess
- Recognize the benefits of SOC reporting, including enhanced transparency, reduced compliance costs, and meeting contractual obligations effectively
- Determine the scope and evolution of SOC reporting, including how organizations can start with a specific set of controls and expand as needed, as well as the adoption of SOC reporting across various industries beyond traditional sectors
Scott Mahoney
WithumSmith+Brown, PC
Senior Manager
smahoney@withum.com
(732) 828-1614
The AICPA selected Scott to write and present the first-ever Education Program for "Reporting on an Entities Cybersecurity Risk Management Program and Controls" to cybersecurity professionals obtaining SOC for Cybersecurity certification. This program is the first of its kind, and as the author and presenter, Scott is one of the first in the U.S. to become certified. With 20+ years of experience, Scott is a Senior Manager within Withum’s SOC Services practice. His expertise lies within internal control assessments, risk assessments, SOC reporting (SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity), SOX 404, and internal audit co-sourcing.
Andrea Fernandez
WithumSmith+Brown, PC
Manager, System and Assurance Advisory Services
afernandez@withum.com
Andrea has over seven years of professional experience and is a manager within the System and Assurance Advisory Services practice. She specializes in internal control assessments and consulting services relating to Sarbanes-Oxley Act (SOX) and service organization control (SOC) reporting. Andrea is involved in the issuance of over 100 SOC reports, including a combination of SOC 1, SOC 2, and SOC 3 reports.
About Our Presenter
- CPE Credits
- Support and FAQs
- Terms and Conditions
- Privacy Policy
- CPAwebengage, Inc.