System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

As new technologies and the increased use of cloud based solutions rise, the prevalence of third-party vendors' System and Organization Controls (SOC) reports have become more important than ever in the marketplace. Effective vendor risk management and due diligence can greatly hinge on management’s review and understanding of SOC reports. Reviewing SOC examination reports can sometimes be overwhelming and important items within the report can be overlooked.

In this webinar, Baker Tilly discusses the key topics that issuers should consider as they perform their exams under SSAE 18, along with the focal points of user entities as they read and evaluate vendor’s SOC reports.

Key takeaways

• Explore the different SOC reporting options available, the current guidance changes that are impacting the reports and changes effective in the near future.
• Review the obstacles SOC report issuers come across, including first time SOC reports. For issuers who have annuity SOC projects, consider how changes in risks, processes and control updates may impact reports.
• Walk through the key areas a SOC report recipient should read, review and analyze upon receipt of a SOC report, including analyzing exceptions noted and understanding what recipients should do with complementary user entity controls.

For more information on this topic, or to learn how Baker Tilly SOC reporting specialists can help, contact our team.