Session Description:

Your customers require a SOC report; Preparing for a SOC audit

The topic covers different sections of the SOC reports and responsibilities of different parties involved among service organization, subservice organization, user entities and the service auditor. 

You received a SOC report, what now?

The topic covers entity’s responsibilities with respect to the service organization’s processes and how to evaluate a SOC report for example SOC 1, for controls relevant to financial reporting or SOC 2, for how service organizations your data based on the five Trust Services Criteria (TSC): Security, Availability, Processing integrity, Confidentiality, and Privacy, including understanding the opinion and service organization's control environment.

Speaker Profile:

Sameera Jamal, Partner - EY

Sameera has 18+ years of experience in increasing stakeholder confidence via transparency into organization’s financial and IT environments, through governance, risk and controls guidance. Specializations include third party controls evaluations for service organizations, and SOX/ ICFR work with financial sector organizations and other large multinational clients; covers IT general controls, business process and application controls reviews. Sameera leads third party risk assurance/ attestation services (including SOC1, 2 &3, ISAE3402, CSAE3000/1, SSAE18, Agreed Upon Procedures) with subject matter often covering both IT general controls and business process controls covering outsourced areas. 

Matthew Batterton, Partner - EY

Matthew has 25 years of audit and consulting experience, including over 20 years of assessing IT risk governance processes and internal control frameworks for our Technology Risk practice. Matthew has experience in evaluating and auditing system controls, conducting pre- and post-implementation reviews, and assessing the adequacy of enterprise risk management and compliance functions. Matthew has worked with clients in multiple industries, including Financial Services.

Matthew is EY Canada’s SOC Service Line Leader and member of the CPA Canada task force responsible for developing the Canadian SOC reporting standards to better meet the needs of SOC report providers and users.

Disha Bhandari

Disha is a Senior Manager in Technology Risk practice at EY with 11 years of experience in technology related audit and assurance services. Specializing in financial statement audits, third-party reporting engagements and internal audits, she has developed a robust skillset that encompasses a wide range of auditing practices and compliance standards related to various industries including real estate, healthcare, technology, and retail.

She is a subject matter expert for third-party reporting, including SOC 1/2 audits and has guided organizations through the complexities of third-party risk management. She collaborates closely with clients to assess their technology and operational processes to identify potential vulnerabilities and implementing controls and safeguards to enhance trust and transparency with stakeholders.

Disha is dedicated to fostering a culture of continuous improvement and risk management within organizations and is committed to delivering high-quality insights and services that drive value and support organizational objectives.

Alan He

Alan is a Senior Manager in Ernst & Young Technology Risk with 14 years of experience in Information Technology (IT) and business process reviews, system implementation reviews and consulting projects. ​

Alan led various SOX and Financial Statement IT Audits, as well as Systems and Organization Controls (SOC 1 and SOC 2) assessments.​

Led various SOC 1 assessments to evaluate the effectiveness of internal controls over financial reporting (ICFR) for service organizations. Conducted detailed evaluations and extensive testing of control activities to verify the effectiveness in preventing, detecting, and correcting material misstatements in financial statements.​

Conducted SOC 2 assessments to evaluate the design and operating effectiveness of controls related to Security, Availability, Confidentiality, Processing Integrity, and Privacy. Identified potential risks and provided recommendations for mitigation.​

Dj Jung

DJ Jung is a Senior Manager in the Technology Risk practice at EY. DJ has information technology experience concentrated in auditing and attestation service, IT risk management and IT governance. DJ is project leads for delivering system and organization control audits for a wide variety of Canadian and global service organizations as well as managing teams delivering financial audit IT services to financial statements and internal control over financial reporting audit clients. DJ is also part of Canadian Financial Audit IT and Attestation Quality Network supporting audit quality for teams across Canada.

CPE: 4.0 Hrs

Please Note:  There is a cancellation policy in effect