Upload File

the challenge your benefits kpmg approach credentials contact … · the challenge your benefits...

  • Home
  • Documents
  • THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT … · THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT • New IT technologies (virtualization, cloud computing
3
THE CHALLENGE KPMG APPROACH CREDENTIALS YOUR BENEFITS CONTACT New IT technologies (virtualization, cloud computing, mobile computing) are becoming increasingly part of your service offering and/or supporting your operational processes Your clients are becoming increasingly demanding to the measures taken to protect their private and/or confidential information and to ensure availability of their systems Deficiencies in the security offered by you may result in the release of client information and lead to reputational damage both to you and your clients Real or perceived security breaches may cause your clients to believe that your organization is unable to conduct business securely and responsibly Your clients’ assurance needs are not fully satisfied by currently employed certifications (e.g., ISO 27001). Clients are demanding additional insight into the system and related controls, design and control implementation, as well as assurance regarding the operating effectiveness of these controls You are confronted with multiple visits from your clients’ auditors and requests to complete detailed security questionnaires or checklists about your controls environment You must demonstrate your ability to meet your clients’ compliance needs and strengthen their confidence in your ability in an increasingly competitive environment. IT ADVISORY KPMG ADVISORY THE CHALLENGE How to effectively use Service Organization Control (SOC 2 and SOC 3) Reports for increased Assurance over Outsourced Controls regarding Security, Availability, Processing Integrity, Confidentiality and Privacy You are a service organization managing critical systems, storing and processing private and/or confidential client information, and/or processing transactions for multiple clients.

Upload: lebao

Post on 27-Jul-2018

216 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT … · THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT • New IT technologies (virtualization, cloud computing

THE CHALLENGE KPMG APPROACH CREDENTIALSYOUR BENEFITS CONTACT

• New IT technologies (virtualization, cloud computing,mobile computing)arebecomingincreasinglypartofyourserviceofferingand/orsupportingyouroperationalprocesses

• Yourclientsarebecomingincreasinglydemandingtothemeasurestakentoprotecttheirprivateand/orconfidentialinformationandtoensureavailabilityoftheirsystems

• Deficienciesinthesecurityofferedbyyoumayresultinthereleaseofclientinformationandleadtoreputationaldamagebothtoyouandyourclients

• Realorperceivedsecuritybreachesmaycauseyourclientstobelievethatyourorganizationisunabletoconductbusinesssecurelyandresponsibly

• Yourclients’assuranceneedsarenotfullysatisfiedbycurrentlyemployedcertifications(e.g.,ISO27001).

• Clients are demanding additional insight into the system and relatedcontrols,designandcontrolimplementation,aswellasassuranceregardingtheoperatingeffectivenessofthesecontrols

• You are confronted with multiple visits from your clients’ auditors andrequeststocompletedetailedsecurityquestionnairesorchecklistsaboutyourcontrolsenvironment

• Youmustdemonstrateyourabilitytomeetyourclients’complianceneedsandstrengthentheirconfidenceinyourabilityinanincreasinglycompetitiveenvironment.

IT ADVISORYKPMGADVISORY

THE CHALLENGE

How to effectively use Service Organization Control (SOC 2 and SOC 3) Reports for increased Assurance over Outsourced Controls regarding Security, Availability, Processing Integrity, Confidentiality and Privacy

You are a service organization managing critical systems, storing and processing private and/or confidential client information, and/or processing transactions for multiple clients.

Page 2: THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT … · THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT • New IT technologies (virtualization, cloud computing

KPMG APPROACH

CREDENTIALS

Diagnostic Review

ForserviceorganizationsthatarenewtotheSOC2examinationprocess,werecommendthata“SOC2DiagnosticReview”beperformed.ThepurposesofthereviewaretofocusonkeyareasthatwillbecoveredintheupcomingSOC2examinationandidentifythecontrolweaknessesthatmayneedtobecorrectedbeforetheattestationengagementperiodbegins.

In addition, during the Diagnostic Review, we will assist you in identifyingand documenting your controls. This is ordinarily a significant component ofmanagement’seffortduringthepreparationofthefirstsuchreport.

Type I report

ATypeI reportcontainsadescriptionoftheserviceorganization’ssystemataspecificpoint intime.InaTypeIreport,theserviceauditorwillexpressanopinionon(1)whethermanagement’sdescriptionofitssystemfairlypresentsthesystemthatwasdesignedandimplementedasofaspecificdateand(2)whether thecontrolsstated inmanagement’sdescriptionof itssystemweresuitablydesignedtomeettheapplicabletrustservicescriteriaasofaspecifieddate.AninitialTypeIreportnormallyservesasthestartingpointforsubsequentTypeIIexaminations.

Type II report

ATypeIIreportcontainsadescriptionoftheserviceorganization’scontrolsforadefinedperiodoftime.InaTypeIIreport,theserviceauditorwillexpressanopiniononthetwoitemsincludedinaTypeIreport.He/shewillalsoconcludewhether the controlswereoperatingwith sufficienteffectiveness toprovidereasonableassurancethattheapplicabletrustservicescriteriaweremetduringtheexaminedperiod.ATypeIIreportalsoincludesdetailedresultsoftestingoftheserviceorganization’scontroloverthespecifiedperiodoftime.

KPMG is a global leader in delivering Service Organization Control (SOC)reporting services. KPMG’s IT Attestation practice consists of a globallyaccreditednetworkofpartnersandprofessionalstaffwhoprovidearangeofITattestationservicestohelporganizationssatisfytheirthird-partyassurancerequirements.Wehaveestablishedaglobalaccreditationprocesstohelpensureconsistency andquality in thedeliveryof attestation and assurance servicesincludingSOC1,SOC2andSOC3examinationsandAgreedUponProcedures.Wehaveover1,000professionalsfullytrainedintheSOCexaminationprocessthroughourglobalITAttestationInstructornetwork.

YOUR BENEFITS• A traditional SOC 1 report (ISAE 3402 report, formerly known as SAS

70 report) is designed to meet your clients’ related needs for financialstatement audits, but does not necessarily meet needs related tooperationsandcompliance.ASOC2reportthatfocusesononeormoreofthetrustservicesprinciples–security,availability,processing,integrity,confidentialityandprivacy–does

• ASOC2reporthasthesamelookandfeelasaSOC1reportandprovidesyour clients with sufficient information (independent service auditor’sopinion,management assertion, systemdescription, tests performed byserviceauditorandtestresults)tosatisfytheirassuranceneeds

• Under certain conditions, a short form report (a SOC 3 report) may begenerallydistributed,withtheoptionofdisplayingawebsiteseal

CompetitiveAdvantage/Necessity

ReducedEffortSupportingClient-SpecificSecurity

Questionnaires/Audits

IncreasedInternalAssurance

RegardingSecurityandRelatedControls

ProactiveResponsetoCustomerOversightof

Security,Privacy,andDataRisks

Page 3: THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT … · THE CHALLENGE YOUR BENEFITS KPMG APPROACH CREDENTIALS CONTACT • New IT technologies (virtualization, cloud computing

©2012KPMGAdvisory, aBelgiancivilCVBA/SCRLandamemberfirmof theKPMGnetworkof independentmemberfirmsaffiliatedwithKPMGInternationalCooperative (“KPMGInternational”),aSwissentity.All rightsreserved.PrintedinBelgium.

CONTACT

Stephan Claes Partner

KPMGITAdvisory

T:+32)27084850E:[email protected]

Dirk Timmerman

Executive Director

KPMGITAdvisory

T:+3227084359E:[email protected]


Credentials line 1 Credentials line 2 Credentials line 3 Credentials line 4 Credentials line 5 Delete this text and insert presenters name here

KPMG France | KPMG | FR

Managing the data challenge in banking - KPMG | US · Managing the data challenge in banking ... All of this adds greater pressure for a quick-fix solution. ... other financial services

KPMG Portrait LETTER (2007 v1.1) - nsdcindia.org · companies in domestic airline brands, ... KPMG in India analysis The industry is facing a significant attrition challenge of

KPMG Global Sovereign and Pension Fund Tax …...KPMG Global Sovereign and Pension Fund Tax Conference3 2017 KPMG International Cooperative KPMG International. KPMG International provides

Bsides London Challenge 6 Walkthrough - UkTekBSides London 2012 Challenge 6 Walkthrough Page 2 of 19 Intro Thought I’d take a look at the BSides/KPMG challenge as it turns out that

The Great Accounting Challenge - KPMG · 2020-04-08 · Accounting Change Survey 1 Responding to revenue recognition and lease accounting changes The task ahead is huge. In KPMG LLP’s

KPMG Leasing Tool · KPMG Leasing Tool/September 2017 KPMG Leasing Tool The accountant-built solution to the latest lease accounting challenge KPMG embedded our leading accounting

KPMG International | KPMG | GLOBAL

KPMG International | KPMG | BQ

KPMG Indonesia | KPMG | ID

Anti-Bribery and Corruption in CEE - KPMG US LLP | … · 2018-06-12 · Anti-Bribery and Corruption in CEE: Rising to the challenge in the age of globalisation KPMG IN CENTRAL AND

KPMG International Development - KPMG Global · KPMG International Development Assistance Services . ... The Africa Enterprise Challenge Fund (AECF) is a US$150 million fund hosted

kpmg KPMG Kundeportal · © 2018 KPMG AS, a Norwegian member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”),

The view from the top - KPMG US LLP | KPMG | US see a powerful future for their CFOs. Are CFOs ready for the challenge? The view from the top 17 March 2016 ©2016 KPMG International

1 HealthierUS School Challenge Trainer’s name/credentials National Food Service Management Institute

KPMG US LLP | KPMG | US

The Disruption Challenge - KPMG · The disruption challenge 3 On the role of PBMs. Several of these mergers hold the potential to integrate PBM capabilities into the broader healthcare

Global banking and capital markets credentials - KPMG | US · Global banking and capital markets credentials 2 ... KPMG is a market leader in ... Global banking and capital markets

KPMG en España | KPMG | ES

China Management News - KPMG€¦ · China Management News - KPMG ... kpmg&

EPEAT Purchasing - State Electronics Challenge · EPEAT PURCHASING Sarah O’Brien State Electronics Challenge February 25, 2013. ... KPMG, Marriott, McKesson, Microsoft, NBC-Universal,

Digital Credentials for Micro-Credentials

The view from the top - KPMG · PDF fileThe view from the top KPMG International kpmg.com CEOs see a powerful future for the CFO. Are CFOs ready for the challenge?

Data and Analytics - KPMG | US · PDF fileGo beyond the data Data and Analytics September 2015 KPMG.com Credentials

KPMG International | KPMG | QM

Micro-credentials for Teachers · PDF fileThe Challenge of Teacher Professional Development ... Micro-credentials offer a strategy for teachers to expand and validate their ... called

ジャパン KPMG [email protected] …...ジャパン KPMG [email protected] ... KPMG

Teaching Credentials 1 teaching-credentials/) TEACHING

The Great Accounting Challenge - KPMG€¦ · The Great Accounting Challenge ... As if revenue recognition did not present enough of a challenge for the financial reporting ... SAP

KPMG in Russia | KPMG | RU

Choppy waters for global LNG - KPMG › content › dam › kpmg › co › pdf › 2017 › 09 › ... · and European sanctions, and high LNG development costs, challenge some of

KPMG GLOBAL ENERGY INSTITUTE · our brand 30% Expanding ... critical challenge over the next 3 years and becoming a more data driven organization ... KPMG GLOBAL ENERGY INSTITUTE

Auditing company culture: opportunity and challenge · challenge Tracey Keele, KPMG Advisory Partner ... liability partnership and the U.S. member firm of the KPMG network of independent

KPMG AEOI Reporting Factsheet...KPMG AEOI data health check KPMG recognise the challenge faced by organisations when dealing with data issues in the short period after year end in