The Devil is in The Details: How To Be Successful In Cross Compliance Framework Alliance

Apr 25, 2023 12:40pm ‐ Apr 25, 2023 1:30pm

Identification: TPR2302

The Devil is in The Details: How To Be Successful In Cross Compliance Framework Alliance

This session will review tactics to be successful in implementing a control environment that aligns with multiple security frameworks. The session will review common use case, pitfalls organizations find themselves in as well a review of successful case studies. We will discuss the role of compliance platforms in the process and at the end of the sessions, participants will understand what an auditor needs to do to make this successful as well as what the organization needs to do to be successful in implementing a control environment aligned with multiple frameworks.

• Identify the common roadblocks in implementing a cross compliance framework.
• Identify the role of compliance platforms in the process of implementing a cross compliance framework.
• Identify key take aways to be successful from both an auditor and organization standpoint.

SOC Independence and Peer Review Insights

Apr 25, 2023 12:40pm ‐ Apr 25, 2023 1:30pm

Identification: TPR2303

This session will highlight any Independence and Peer review insights as they relate to SOC.

• Identify how certain relationships between SOC tool providers and audit firms can impair independence or raise other ethical questions.
• Identify the importance of quality and compliance with professional standards in SOC engagements.
• Identify the requirements for CPA firms issuing SOC examination reports to undergo a peer review.
• Identify the relationship between the firm’s quality control and peer review.
• Identify common peer review findings in SOC 1 and SOC 2 engagements and why they matter.

SOC 2 Examinations: Navigating Changes to the SOC 2 Guide

Apr 25, 2023 2:00pm ‐ Apr 25, 2023 2:50pm

Identification: TPR2304

This session will help enhance understanding the use of SOC 2 reports to support trusted reliance on third parties. We will cover ways clients can differentiate their SOC reporting.

• Identify changes in the 2022 SOC 2 Guide that may apply to a practitioner's services
• Identify changes in the 2022 SOC 2 Guide that may apply to the use of the SOC 2 report

Start Here...with Risk Assessments

Apr 25, 2023 3:00pm ‐ Apr 25, 2023 3:50pm

Identification: TPR2306

Risk assessments have been a primary focus area for firms as well as peer reviewers. Assessing risk is a continual process through an engagement life cycle (from client acceptance to planning to evaluating the results). This session with strive to answer three questions: What is a risk assessment? Why do we keep talking about it? And…where do you start?

• Identify the different types of risk assessments and their role within an engagement.
• Identify materiality considerations when performing a risk assessment.

SOC 1 Examinations

Apr 25, 2023 3:00pm ‐ Apr 25, 2023 3:50pm

Identification: TPR2305

This session will discuss the updates that have been made to the SOC 1 guide, and address the basics of SOC 1 engagements, including:

- obtaining an understanding of the service organization's system and relevant controls

- determining whether control objectives are appropriate

- evaluating suitability of design

- evaluating operating effectiveness

- forming an opinion in the SOC 1 report

• Identify the purpose and applicability of SOC 1 Reports
• Recognize the components of a SOC 1 Report

Using GRC Products - Tools for SOC Engagement - Workflow and Day Close

Apr 25, 2023 4:00pm ‐ Apr 25, 2023 5:00pm

Identification: TPR2307

With the growing pool of GRC and "SOC automation" tools entering the market, SOC practitioners are eager to understand the impact on SOC engagements. In this session, we will discuss the good, the bad, and the potentially non-conforming aspects of engagements that utilize these tools.

• Identify the fundamentals of SOC 2 reporting, and identify unique aspects of the software market as it relates to SOC 2
• Identify the technical aspects of SOC 2 tools
• Identify considerations & challenges in this space
• Analyze Service organization & auditor responsibilities
• Analyze auditor relationships & best practices

AICPA Update: The Evolving Assurance and Advisory Landscape

Apr 26, 2023 1:40pm ‐ Apr 26, 2023 2:30pm

Identification: TPR2310

The AICPA’s Assurance Services Executive Committee (ASEC) is responsible for addressing current market needs, particularly those that arise from the use of new and emerging technologies, through the development of new assurance and advisory solutions. This session will offer an inside look into ASEC’s current projects including Cybersecurity, SOC Reporting, ESG, Digital Assets, and other emerging areas.

• Identify the mission and objectives of the Assurance Services Executive Committee (ASEC).
• Identify the ASEC’s current projects and areas of focus.
• Identify future initiatives supporting CPAs in this space.

How to Handle Vendor Management

Apr 26, 2023 3:00pm ‐ Apr 26, 2023 3:50pm

Identification: TPR2311

This session with explore the requirements and best practices related to vendor management - both for companies and for the reviewing of what is done for SOC engagements.  We will explore issues that companies face related to vendor management and how to overcome those issues or risks during the SOC engagement. 

• Identify the issues companies face when doing vendor management
• Identify how to properly review vendor management activities during an SOC engagements
• Identify expectations with vendor managements related to SOC engagements

SOC School Debrief - The Most Commonly Asked Questions

Apr 26, 2023 3:00pm ‐ Apr 26, 2023 3:50pm

Identification: TPR2312

Over the past several years, the AICPAs SOC school has been a key point of interaction between SOC practitioners across the globe, from new associates to senior partners. Through the dialogue that occurs during the SOC School, its instructors get an invaluable glimpse into the common questions among practitioners and the areas of guidance that are often unknown or misunderstood. Hear from one of these instructors as we revisit the most commonly asked SOC School questions and explore the guidance-based answers.

• Identify common questions and areas of challenge in the delivery of SOC attestation services.
• Identify key portions of SOC attestation guidance.

Ask the Experts - Panel and Closing Remarks

Apr 26, 2023 4:00pm ‐ Apr 26, 2023 5:00pm

Identification: TPR2313

This session will grant attendees the opportunity to bring forward questions relevant to matters of SOC and Third-Party Risk. All topics are fair game; our panel of experts will facilitate dialogue and deliver answers on the spot.

• Apply critical thinking in finding answers to questions posed by other SOC and risk professionals.
• Identify matters pertaining to SOC and third-party risk via discussion.