SOC Reports (System and Organizational Controls Reports): 1-day course by Deloitte & CORE
Third-party risk management (TPRM) is evolving into a strategic capability within organizations. Whether you are part of vendor management, relationship management, a TPRM group or vendor governance, it helps to have a strong understanding of the SOC reports that your suppliers, outsourced service providers and partner organizations provide, so that you can review these reports and address any findings.
Course Description: The objective of this course is to introduce both the purpose and use of System and Organizational Control (SOC) reports, in the context of outsourced services.
The session will focus on the following topics:
(i) purpose of SOC reports;
(ii) types of reports – SOC 1 and SOC 2, Type I and Type II;
(iii) key considerations when reviewing SOC reports;
(iv) dealing with exceptions and deficiencies identified in a SOC report;
(v) complementary user entity controls and implications; and
(vi) sub-service organizations (fourth parties) involved, their treatment and implications.
The one-day course will benefit those who engage outsourced service providers and review the SOC reports received from suppliers. The course may also be beneficial for those from the service provider and advisor community, allowing them to understand the typical expectations that their clients have around SOC reports.
This course will be an instructor-led, interactive session and will include mini-case studies and discussions to simulate common scenarios faced by organizations. The lead instructor is anticipated to be Baskaran Rajamani, Partner from Deloitte's Risk Advisory practice, who will be joined by senior members from his team.
Baskaran Rajamani, Partner, Deloitte
Baskaran Rajamani is a Risk Advisory Partner with Deloitte in Toronto specializing in assisting Financial Services clients in successfully managing Third Party and Outsourcing risks, related Regulatory Compliance management, Governance, as well as Security and Audit implications.
Baskaran is a frequent speaker on Third Party and Outsourcing risk and governance related topics at conferences and has assisted Banks in remediating regulatory and audit findings related to Third Party Risk Management.
Baskaran has led several Service Audit Reports (under Canadian, US and International Standards, SOC-1 and SOC-2 reports) related to risk management controls at service providers for over 10 years.
Mark Varma, Senior Manager, Deloitte
Mark is a Senior Manager in Deloitte’s Risk Advisory practice. He has significant experience managing IT and business process audit and advisory engagements for financial services industry organizations and other Deloitte priority accounts. He focuses on Operational Risk projects, including risk and controls assessments, risk reporting, internal control audit, and third party risk. His work includes leading SOC 1 and SOC 2 audits, performing pre-assessment/scoping engagements to help organizations get ready for their first SOC 1 or SOC 2 audit, and also working with organizations that receive SOC 1 / 2 reports to review and assess the reports, as part of their control and risk management programs.
Mark has extensive experience leading training for Deloitte’s clients and staff. Mark has also delivered presentations to professional associations such as ISACA (Information Systems Audit and Control Association). Mark is a Chartered Professional Accountant (CPA), Chartered Accountant (CA), and a Certified Information Systems Auditor (CISA). He holds a Bachelor of Commerce degree from Queen’s University.
8 Adelaide St W #200