Hi [[ session.user.profile.firstName ]]

Transition from SAS-70 to the New SSAE-16

In 2010, the AICPA issued SSAE No. 16, Reporting on Controls at a Service Organization, which replaced SAS 70. Most organizations outsource certain tasks and functions to at least one service organization. Therefore, many risks of the service organization become risks of the user entity. SSAE 16 reports are intended to provide an objective evaluation of the effectiveness of controls at the service organization. Join us to discuss:
* Why the change to SSAE16
* Similarities & Differences between SAS70 & SSAE16
* Impacts of the change to Internal Audit Organizations
* Common pitfalls / value adds / best practices
* Broad Standards (SSAE 16, SOC, AT101) and how they relate
Recorded Nov 10 2011 59 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Jennifer I. Village, Director of Risk Assurance, PricewaterhouseCoopers
Presentation preview: Transition from SAS-70 to the New SSAE-16

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • IIA Detroit Chapter Ethics Webinar Recorded: Nov 20 2019 122 mins
    Stephen W. Blann, CPA, CGFM, CGMA
    Every day we are faced with ethical dilemmas. They are not all big, earth-shattering decisions between right and wrong… but every ethical decision we face carries a consequence. From behavioral ethics to technical ethics to codes of professional conduct, this session will explore ethical behavior in the workforce, and the critical role that accountability professional play in upholding the public trust.
  • To FAIR or not? A Risk Assessment Discussion Recorded: Oct 29 2019 61 mins
    David Elfering
    There are several ways to get the risk assessment wrong. If the risk is considered a “thing”, and not a “quantity”, we probably got it wrong. Werner Enterprises adopted the FAIR (Factor Analysis of Information Risk) framework to perform quantitative risk assessment of information security and operational risk.
    Dave will walk the audience through their process of adopting FAIR, what worked, what didn’t and the lessons learned as they go through their risk management journey.
  • Following the Digital Investigative Trail. How Digital "Currency" is Exposing Recorded: Sep 26 2019 61 mins
    Bill Hickman and Peter L. Mansmann
    With the widespread adoption of social media sites and phone-based apps, users are leaving data trails everywhere. Often the companies behind these tools do not charge fees to the end users to use their software. Instead the payment method is the collection and reuse of the end user data gathered by the software applications. This data is in turn sold to data aggregators or directly to other companies that sell other products and services. As the data migrates further away from the end user, it is more widely available and less likely to remain in the ownership and control of the originator of the data. More and more often an investigation starts with internet-based searches to identify and analyze this data. The trend will continue to move in this direction.

    Internal Auditors can benefit greatly from understanding how to best integrate this new wealth of information in their audits and investigations. The future of both audits and investigations will need to rely more on technology but cannot neglect the impact and role of the “human element”. Points of particular interest include:

    •Personal assistants (Siri, google home, Alexa),
    •Analytics applied to social media sites,
    •Check in features showing real time locations,
    •The trend towards this data going directly to the public cloud, and
    •Data enablement on more everyday devices.
  • PROMOTING CIVILITY IN THE WORKPLACE Recorded: May 17 2019 121 mins
    PRESENTER: DON LEVONIUS, CERTIFIED SPEAKER AND MASTER FACILITATOR VICTORY PERFORMANCE CONSULTING LLC
    We live in contentious times in which divisiveness not only drives people to engage in antisocial and unethical behavior, but creates tremendous risk for organizational cultures and reputations.

    In this free webinar, Don Levonius shares some unique insights on promoting civility in the workplace with a focus on ethics.
  • Digital Transformation and Internal Audit Recorded: Feb 15 2019 59 mins
    Shahn Alware & Michael Wolf
    Digital Transformation is a mandate and companies are adopting methodologies like Agile, XP, and Lean to push the envelope on faster delivery and at the same time continuously improve the product capabilities. This rapid uptrend has given rise to Business and IT embracing DevOps practices such as Continuous Integration, Continuous Delivery, and Site Reliability Engineering. Let's explore the challenges Internal Audit is facing and ways to enable the organization to achieve its objectives.
  • Assessing Cyber Risk - Challenges and Solutions Recorded: Dec 14 2018 60 mins
    STEPHEN HEAD - Experis Finance: Director of IT Risk Advisory Services
    Managing cyber risk in today’s digital environment is extremely challenging, whether your organization is public, private or governmental. In response to the growing frequency and severity of cyber-attacks, many organizations have decided it’s time to focus more of their efforts on cyber risk, starting with a cyber risk assessment. This approach to proactively dealing with the risk of cyber-attacks increases the organization’s awareness of the potential impacts and costs, and enables them to take actions that reduce the overall risk to the organization, minimize the impact of cyber-attacks, and more predictably ensure the continuity of essential services.

    This webinar will provide participants with a high-level overview of assessing cyber risk and explore the following:
    •Threats and root causes of breaches
    •The changing regulatory landscape
    •Security frameworks and tools
    •Practical ways to assess your risk and organizational exposure
    •Key elements of a successful cyber risk management program
  • Auditing Smarter – Not Harder Recorded: Oct 18 2018 61 mins
    Sajay Rai, CPA, CISSP, CISM
    Technology is omnipresent. Technology is helping businesses work faster, smarter and become more innovative. But the same technology is introducing more security risks. Organizations are deploying security technologies to mitigate the security risks and implement continuous monitoring of these risks. Audit departments within organizations are planning to conduct more technology audits than ever before. They are looking to automate their audits. They are looking for newer, smarter audit tools. But before we go any further to identify any new tools, let’s look at the same continuous monitoring tools already deployed within the organizations, which could help the auditors as well.
    The session will discuss the following areas:
    •Asset Inventory
    •Security Information Event Management
    •Identity and Access Management
    •Network Security
    •Mobile Device Management
  • Understanding the FCPA: Recent Trends and Considerations Recorded: Apr 18 2018 60 mins
    Scott Stringer and Amy Slevinski – Baker Tilly
    The Foreign Corrupt Practices Act (FCPA) was enacted in 1977 making it illegal to make payments to foreign government officials for the purpose of obtaining or keeping business. The anti-bribery provisions of the FCPA require maintenance of accurate books and records as well as an adequate system of internal controls. Please join this webinar to gain an overview of the FCPA, discuss recent enforcement trends throughout the years, and understand how the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) considers a company’s existing compliance program when assessing penalties. The webinar will cover common methodologies and frameworks for identifying possible gaps in existing compliance programs, common pitfalls and considerations when assessing and remediating anti-bribery and anti-corruption compliance gaps, highlighting areas where internal audit practitioners can contribute to a company's anti-corruption monitoring efforts.
  • Enterprise Risk Management in the Age of Business Transformation Recorded: Mar 28 2018 60 mins
    Dr. Mohan Tanniru
    Business transformation in the 21 st century has organizations extending their value chain into
    customer decision making, as they design and deliver “digital services” using advanced
    information technology. Such transformations need organizations to run at a faster speed to
    explore new value creating opportunities and still keep running their daily operations at regular
    speed. So, organizations may need two different organizational structures and governance models
    to manage both faster and regular speeds to isolate risks, including strategic (e.g. brand reputation),
    compliance (e.g. data security and integrity), operational and technical risks that surface when
    working with many unproven technologies, external partners, and evolving customer expectations.
    This presentation will look at strategies to address these risks.
  • Internal Audit and Board Alignment Recorded: Feb 21 2018 55 mins
    Dr. Raj Aggarwal, CFA, Ancora Trust
    Dr. Raj Aggarwal is back to address an important topic on the alignment of internal audit and the board. As a board member, Dr. Aggarwal gets to see both sides, internal audit interaction with the board, and the board expectations of the internal audit function.
    Dr. Aggarwal will expand on the recent article of Board Matters in IIA’s Internal Auditor magazine and share his experiences related to the exchanges of the board and the internal audit.
    This webinar is designed not only for the CAEs but all members of the internal audit function and the Board of Directors for both private and public companies.
  • Understanding the Role of Cyber Insurance in Managing Cyber Risks Recorded: Jan 16 2018 57 mins
    Taras Shalay
    12.00 Noon (eastern) to 1.00 pm (eastern)
    One CPE Credit
    Presenter: Taras Shalay
    In this webinar, Taras will introduce the different coverages available under the cyber insurance and de-mystify the various coverages and terms. In addition, Taras will discuss how the cyber insurance can play a key role in managing the overall cyber risk within an organization.
    By the end of this webinar, participants should be able to:
    • Explain the various terms associated with cyber insurance
    • Understand whether a given policy addresses their cyber risks
    • Examine their own cyber risk policy
    Bio: Taras Shalay
    With 10 years of underwriting and brokerage experience in Professional Liability, Executive Lines and Cyber Liability, Taras has a unique specialization in the insurance industry.
    Taras’ extensive Cyber Liability experience allows him to easily explain the complexities of a Cyber Liability policy, as well as the various different coverage’s available to his clients that may or may not fit their insurance needs. Taras’ main focus is to identify the key exposures for his clients and provide the best available solutions in this quick changing market environment.
    Taras also has a decade of experience with Directors’ & Officers Liability, Employment Practices Liability, Fiduciary Liability, Crime, and Errors and Omissions.
    Taras Shalay is a 2006 graduate of Western Michigan University with a Master’s degree in Economics, where he was also awarded with graduate student of the year in his department.
  • What I Learned About Risk and Control from “The Mouse” (2 Hour Ethics) Recorded: Nov 21 2017 115 mins
    Don Levonius
    In this webinar, former Disney loss prevention and investigations leader Don Levonius shares what he learned about using internal controls to prevent fraud, mitigate risk, and protect the magic at the happiest place on earth. Disney, an extremely complex control environment, not only uses internal controls to achieve impressive operational and financial results, “The Mouse” also uses controls to protect intangible assets, promote ethical behavior, ensure business continuity, and mitigate the impact of tragedies.
    By the end of this webinar, participants should be able to:
    •Discuss how one of the most trusted brands in the world manages reputation risk
    •Describe why monitoring an ineffective control is like weighing yourself on a broken scale
    •Examine the relationship between unethical employee behavior and the failure of weak controls
    •Explain what business continuity looks like when catastrophic risk becomes reality
    The views expressed in this webinar are the recollections and opinions of the presenter and are offered in accordance with fair use doctrine. His stories are compiled from “common knowledge” and published media reports, which may or may not be factually accurate. They are presented as hypothetical situations and are included for illustrative teaching purposes only. The presenter is not responsible for errors or omissions. This webinar is not sanctioned, authorized, or endorsed by the Walt Disney Company or its affiliates.
  • Application Controls and Data Reliability Recorded: Oct 19 2017 59 mins
    Jeff Sisolak, CISM, CISA
    The use of Information Technology in business has become so ubiquitous that just about every audit has an IT component. Operational and business process auditors must embrace technological advances rather than resist them in order to perform audits in an effective and efficient manner. This webinar will provide all auditors with a foundational understanding of application controls and data reliability.
  • Mobile, Social Media and Artificial Intelligence – Oh My! Recorded: Sep 20 2017 61 mins
    Bill Hickman and Peter L. Mansmann
    When we first had Pete and Bill present on the topic of Forensics, we had feedback from our members that we should bring them back and focus on specific modern technologies. Well, we heard and brought them back. Bill and Pete are going to provide an overview of some of the latest and up and coming technologies being employed by investigators. This seminar will cover topics including: cell phone data recovery and analysis, social media geo-fencing, and artificial intelligence engines that analyze non-structured data (photos, video, etc...). We will also discuss how data locations are shifting towards cloud based applications and how investigators are finding and making use of this information.
  • Are You Compliant with EU’s General Data Protection Regulation (GDPR) Recorded: May 22 2017 59 mins
    Brad Barton, CISA
    Enforcement of the EU General Data Protection Regulation (GDPR) will begin on May 25, 2018. It effects and applies to all companies processing and holding the personal data of individuals residing in the European Union, regardless of the company’s location. The law was passed in 2016 and we are presently in a “transition period” which, by some accounts, has been ignored or unrecognized by many organizations. If your organization handles personal data for residents of the EU now is the time to prepare.

    During this webinar you will learn about the regulation’s requirements and penalties. Further, the information offered will help you update or create appropriate audit/risk assessments to determine your organization’s readiness.
  • Cyber Security & Internal Audit: A Board’s Eye View Recorded: Apr 25 2017 61 mins
    Jay R. Taylor, CEO and President of EagleNext Advisors LLC
    One of the most critical and complex issues companies face today is providing the right leadership and level of attention to growing risks related to cyber security. While Internal Audit plays a critical role in this area, challenges in planning, execution and communication can detract from providing what the board needs. In this webinar Taylor will take you into the board room to better understand the critical role played on both sides – the Board committees such as Audit and Risk, and Internal Audit. You will walk away with new insights to help your team be more successful.
  • Assessing and Building a Risk Conscious Culture Recorded: Mar 22 2017 64 mins
    Priti Sikdar (B.Com, FCA, DISA, CISA, CISM, CRISC, ISO 27001 LA, BS 25999 LA, COBIT (FC), BCCS, PRINCE 2 (FC))
    Risk Culture in an organization is dependent on the ‘tone at the top’. Management plays a pivotal role in molding the risk culture. Risk management is a part of the IT Governance framework in the organization. No business can function without taking into consideration the internal and external risk factors; in fact risk can be adverse, risk can be positive when it turns opportunity into profit.
    As a part of internal audit function, an auditor will see enterprise risk corresponding to the business objectives, mission and long term and short term policies of the organization. But it is observed that the greatest impediment in the compliance to risk standards set by management is the absence of a risk centric culture which has to be woven into the fabric of the organization right from the induction stage when a new employee enters the organization, to defining his roles and responsibilities to including risk compliance into the KPI and building an awareness and training culture where risk is always on agenda to be discussed.
    In this presentation, I wish to bring the experiences of our audience under a single platform and discussing certain modes of assessing and building a risk conscious culture whether we belong to industry or we are on the assurance side. We shall emphasize culture as a vehicle to ride our risk initiatives and bring in effectiveness and compliance.
  • Evolution of Traditional Investigations and Modern Forensics Recorded: Feb 16 2017 57 mins
    Bill Hickman, COO of CSI Corporate Security and Investigations Inc. and Peter L. Mansmann, president of Precise, Inc., a lit
    The use of web enabled devices has profoundly changed the world we live in. The average American now spends upwards of 10 hours per day in front of some form of electronic medium. More and more, the smart phone is becoming the device of choice to communicate, get news/information, and share social information on a real time basis. This is how people navigate through today's world and has had a significant behavioral impact as a result.

    Internal Auditors can benefit greatly from understanding how to best integrate this new wealth of information in their audits and investigations. The future of both audits and investigations will need to rely more on technology but cannot neglect the impact and role of the “human element”. Points of particular interest include:
    •social media searches to identify where someone has been and plans to be,
    •location enabled services identifying where someone's phone (and presumably they) have been,
    •devices and apps measuring and sharing individual’s mobility and activity,
    •the trend towards this data going directly to the public cloud, and
    •the emergence of the "internet of things".
  • Secrets of Deep/Dark Web Recorded: Jan 25 2017 52 mins
    Richard Cozart
    You may have heard the terms Deep and Dark web, but do you understand what they mean? There is a lot of confusion over these terms, this webinar will help give you a good understanding of the different layers of the world wide web.

    Richard Cozart, Technology administrator for IIA Detroit Chapter and Senior Security Architect at Securely Yours LLC will explain the secrets of deep dark web. He will clarify the terminology and will provide information on how to access it and what is generally available within the deep dark web.
  • Leading with Integrity & Authenticity Recorded: Oct 26 2016 120 mins
    Don Levonius, Principal Consultant and Master Facilitator at Victory Performance Consulting LLC
    Values-free leadership is an oxymoron, and leadership without authenticity is a misnomer. Integrity is the heart of leadership and authenticity is its soul. True leaders are not only ethical and transparent, they engage and influence others on a deeper, more personal level. By applying the ethical theories of notable moral philosophers and contemporary thought leaders, participants test proven ethical principles of authentic leadership.
Live Chapter meeting on internal auditing, risk management and control
Lively topics for new and seasoned internal auditors, students and others are presented montlhly between September and May.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Transition from SAS-70 to the New SSAE-16
  • Live at: Nov 10 2011 5:00 pm
  • Presented by: Jennifer I. Village, Director of Risk Assurance, PricewaterhouseCoopers
  • From:
Your email has been sent.
or close