Internal Control Certification –
It’s Not Just an Accounting Thing

           Presented by
          Jeff Ziliani, CPA
   Burns-Fazzi, Brock & Associates
Internal Controls in the News


 “Corzine’s lack of internal controls at MF Global
 gets exposed with missing money”
      – Bloomberg News, November 2, 2011


 “UBS says some internal controls were not
 effective”
       – Reuters, October 25, 2011
Internal Controls in the News (cont.)


 “A Red Flag on G.M. Internal Controls”
      – New York Times, August 20, 2010


 “Lack of internal controls could present problems
 for cattle industry”
       – Farm & Dairy, August 12, 2010
Internal Controls in the News (cont.)


 “The ability to plan for the short- and long-term,
  determine product offerings, perform initial and
     ongoing due diligence over any third-party
  relationships and set appropriate limits through
 policies and procedures mitigates strategic risk.”

         - Debbie Matz, NCUA Chairman
        Excerpt from Letter No.: 11-CU-16
                 Issued Oct. 2011
IC Certification / Due Diligence

  The Challenge:
  • Increasing reliance on the outsourcing of
    certain tasks or functions

  • Increasing dependency on external technology
    and information systems

  • Pressures of profitability, fraud and
    embezzlement at an all-time high
IC Certification / Due Diligence (cont.)

  • Consumer confidence stressed – need for
    “peace of mind”

  The Solution:
  • Building trust and confidence through a
    report issued by an independent Certified
    Public Accountant
Examples of Services Within Scope
Examples of Services Within Scope (cont.)

 • Financial Services Customer Accounting
 • Loan / Claims Management and Processing
 • Cloud Computing
 • Managed Security
 • Customer Support
 • Sales Force Automation
 • Enterprise IT Outsourcing Services
Changing Standards

              Statement on Auditing Standards
              (SAS) No. 70, Service
              Organizations

              Effective – April 1992
Changing Standards (cont.)


             Statement on Standards for
             Attestation Engagements (SSAE)
             No. 16, Reporting on Controls at a
             Service Organization

             Effective – On or after June 15,
             2011
What Changed?

 1. The name.

 2. Now have 3 different Service Organization
    Controls (SOC) reports to meet specific user
    needs.

 3. Management to provide a written assertion to
    be included in the auditor’s report.
• Description of Service Organization’s System

• CPA’s opinion on fairness of presentation of the
  description, suitability of design and in a type 2
  report, the operating effectiveness of controls

• A type 2 report includes a description of the
  CPA’s tests of controls and results
• Unaudited system description used to
  delineate the boundaries of the system

• CPA’s opinion on whether the entity
  maintained effective controls over its
  system
Walkthrough of the Process

 Responsibilities of Management

 • Determine the scope of engagement to be
   performed

   - What service / system / process are we
     looking to be included in this
     engagement?
   - Is this a Type 1 or 2 engagement?
Walkthrough of the Process (cont.)

 Responsibilities of Management (cont.)

 • Prepare a written description of the system /
   controls within scope.

 • Provide a written assertion regarding the
   design, implementation and operation of the
   controls of the service organization’s system.
Walkthrough of the Process (cont.)

 Identification of Control Objectives

 • SOC 1 Engagements:
     - Control objectives determined and
       documented by Management.

 • SOC 2 & 3 Engagements:
     - Control objectives based on applicable
       Trust Services Principles and Criteria.
Walkthrough of the Process (cont.)

 Trust Services Principles and Criteria
 “Checklist” approach broken into the following
 areas:

         •   Security
         •   Availability
         •   Processing Integrity
         •   Confidentiality
         •   Privacy

        The engagement may cover one,
         multiple or all of the principles.
Walkthrough of the Process (cont.)

 Additional Guidance

 • Provide access to all information.

 • Be proactive in documenting changes in
   controls/systems.

 • Disclose any design or operating
   deficiencies.
Walkthrough of the Process (cont.)

 Additional Guidance (cont.)

 • Provide evidence that a control is operating
   effectively.

   • For Type 2 engagements, the auditor will
     be testing to see if the control has been
     operating effectively over the period within
     scope, typically no shorter than a 6-month
     period.
Walkthrough of the Process (cont.)

 Q. Does obtaining a SSAE16 report
  mean that the entire organization is
  now “SSAE16 certified”?

 A. No. The auditor’s report is limited
   in scope to the specific services or
   systems controls and does not
   encompass all controls and areas of
   the organization.
Walkthrough of the Process (cont.)

 Q. Is this a one-time process?

 A. No. At least quarterly, it is a best
   practice to document any changes
   to controls. In addition, the report
   itself will need to be “kept current”
   as the report tells the users that the
   controls addressed in the report
   existed and were operating effectively at
   or during a certain period of time.
Due Diligence- What to Look For
Due Diligence- What to Look For (cont.)

 • Are the service or specific system controls
   covered by the SSAE 16 report?

 • Which accounting firm performed the work?

 • What is the period of time covered by the
   report?

 • What type of report is it?
Due Diligence- What to Look For (cont.)

 • Were there any exceptions or deficiencies
   noted in the auditor’s report?

 • Is there any other useful information about
   the vendor that is included in the report? (i.e.,
   disaster recovery plan)

 • What are the next steps?
Additional Resources


American Institute of Certified Public Accountants
     www.AICPA.org

SSAE16 Information, FAQ, Latest News, etc.
    www.SSAE16.com

IT Governance Institute
      www.ITGI.org
“Internal Controls cannot make an
 institution successful, but the lack of
controls or only partial controls can be
and commonly is a cause of its failure.”

       - Gene Bucciarelli, CPA,
         BankersOnline.com

Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 

Recently uploaded (20)

Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT      .pdfCatalogue ONG NUOC PPR DE NHAT      .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 

Internal Control Certification – It’s Not Just an Accounting Thing (Credit Union Conference Presentation)

  • 1. Internal Control Certification – It’s Not Just an Accounting Thing Presented by Jeff Ziliani, CPA Burns-Fazzi, Brock & Associates
  • 2. Internal Controls in the News “Corzine’s lack of internal controls at MF Global gets exposed with missing money” – Bloomberg News, November 2, 2011 “UBS says some internal controls were not effective” – Reuters, October 25, 2011
  • 3. Internal Controls in the News (cont.) “A Red Flag on G.M. Internal Controls” – New York Times, August 20, 2010 “Lack of internal controls could present problems for cattle industry” – Farm & Dairy, August 12, 2010
  • 4. Internal Controls in the News (cont.) “The ability to plan for the short- and long-term, determine product offerings, perform initial and ongoing due diligence over any third-party relationships and set appropriate limits through policies and procedures mitigates strategic risk.” - Debbie Matz, NCUA Chairman Excerpt from Letter No.: 11-CU-16 Issued Oct. 2011
  • 5. IC Certification / Due Diligence The Challenge: • Increasing reliance on the outsourcing of certain tasks or functions • Increasing dependency on external technology and information systems • Pressures of profitability, fraud and embezzlement at an all-time high
  • 6. IC Certification / Due Diligence (cont.) • Consumer confidence stressed – need for “peace of mind” The Solution: • Building trust and confidence through a report issued by an independent Certified Public Accountant
  • 7. Examples of Services Within Scope
  • 8. Examples of Services Within Scope (cont.) • Financial Services Customer Accounting • Loan / Claims Management and Processing • Cloud Computing • Managed Security • Customer Support • Sales Force Automation • Enterprise IT Outsourcing Services
  • 9. Changing Standards Statement of Auditing Standards (SAS) No. 70, Service Organizations Effective – April 1992
  • 10. Changing Standards (cont.) Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization Effective – On or after June 15, 2011
  • 11. What Changed? 1. The name. 2. Now have 3 different Service Organization Controls (SOC) reports to meet specific user needs. 3. Management to provide a written assertion to be included in the auditor’s report.
  • 12.
  • 13. • Description of Service Organization’s System • CPA’s opinion on fairness of presentation of the description, suitability of design and in a type 2 report, the operating effectiveness of controls • A type 2 report includes a description of the CPA’s tests of controls and results
  • 14. • Unaudited system description used to delineate the boundaries of the system • CPA’s opinion on whether the entity maintained effective controls over its system
  • 15. Walkthrough of the Process Responsibilities of Management • Determine the scope of engagement to be performed - What service / system / process are we looking to be included in this engagement? - Is this a Type 1 or 2 engagement?
  • 16. Walkthrough of the Process (cont.) Responsibilities of Management (cont.) • Prepare a written description of the system / controls within scope. • Provide a written assertion regarding the design, implementation and operation of the controls of the service organization’s system.
  • 17. Walkthrough of the Process (cont.) Identification of Control Objectives • SOC 1 Engagements: - Control objectives determined and documented by Management. • SOC 2 & 3 Engagements: - Control objectives based on applicable Trust Services Principles and Criteria.
  • 18. Walkthrough of the Process (cont.) Trust Services Principles and Criteria “Checklist” approach broken into the following areas: • Security • Availability • Processing Integrity • Confidentiality • Privacy The engagement may cover one, multiple or all of the principles.
  • 19. Walkthrough of the Process (cont.) Additional Guidance • Provide access to all information. • Be proactive in documenting changes in controls/systems. • Disclose any design or operating deficiencies.
  • 20. Walkthrough of the Process (cont.) Additional Guidance (cont.) • Provide evidence that a control is operating effectively. • For Type 2 engagements, the auditor will be testing to see if the control has been operating effectively over the period within scope, typically no shorter than a 6-month period.
  • 21. Walkthrough of the Process (cont.) Q. Does obtaining an SSAE16 report mean that the entire organization is now “SSAE16 certified”? A. No. The auditor’s report is limited in scope to the specific services or systems controls and does not encompass all controls and areas of the organization.
  • 22. Walkthrough of the Process (cont.) Q. Is this a one-time process? A. No. At least quarterly, it is a best practice to document any changes to controls. In addition, the report itself will need to be “kept current” as the report tells the users that the controls addressed in the report existed and were operating effectively at or during a certain period of time.
  • 23. Due Diligence- What to Look For
  • 24. Due Diligence- What to Look For (cont.) • Are the service or specific system controls covered by the SSAE 16 report? • Which accounting firm performed the work? • What is the period of time covered by the report? • What type of report is it?
  • 25. Due Diligence- What to Look For (cont.) • Were there any exceptions or deficiencies noted in the auditor’s report? • Is there any other useful information about the vendor that is included in the report? (i.e., disaster recovery plan) • What are the next steps?
  • 26. Additional Resources American Institute of Certified Public Accountants www.AICPA.org SSAE16 Information, FAQ, Latest News, etc. www.SSAE16.com IT Governance Institute www.ITGI.org
  • 27. “Internal Controls cannot make an institution successful, but the lack of controls or only partial controls can be and commonly is a cause of its failure.” - Gene Bucciarelli, CPA, BankersOnline.com