Tuesday, April 25, 2023

11:30 AM – 12:30 PM EDT

TPR2301. Welcome and Keynote: Cybersecurity Trends and Threats

David Scott

- FBI

This session will be an update by members of federal law enforcement on the current trends and threats that organizations face each day.


Learning Objectives:

  • Identify the current state of cybersecurity threats against companies.
  • Identify how CPAs and risk advisors can help communicate security needs and requirements to their clients.

12:40 PM – 1:30 PM EDT

TPR2302. The Devil is in The Details: How To Be Successful In Cross Compliance Framework Alliance

Bryan Schader

- Partner | Moss Adams

Alexis Kennedy

- Partner | Weaver

This session will review tactics for successfully implementing a control environment that aligns with multiple security frameworks. It will cover common use cases, pitfalls organizations find themselves in, and successful case studies. We will discuss the role of compliance platforms in the process. At the end of the session, participants will understand what an auditor needs to do to make this successful, as well as what the organization needs to do to implement a control environment aligned with multiple frameworks.


Learning Objectives:

  • Identify the common roadblocks in implementing a cross compliance framework.
  • Identify the role of compliance platforms in the process of implementing a cross compliance framework.
  • Identify key takeaways to be successful from both an auditor and organization standpoint.

12:40 PM – 1:30 PM EDT

TPR2303. SOC Independence and Peer Review Insights

Ellen Goria

- Associate Director | AICPA

Carrie Kostelec

- Lead Manager - SOC & Related Services | AICPA

Audrey Katcher

- Partner | RubinBrown, LLP

This session will highlight any independence and peer review insights as they relate to SOC.


Learning Objectives:

  • Identify how certain relationships between SOC tool providers and audit firms can impair independence or raise other ethical questions.
  • Identify the importance of quality and compliance with professional standards in SOC engagements.
  • Identify the requirements for CPA firms issuing SOC examination reports to undergo a peer review.
  • Identify the relationship between the firm’s quality control and peer review.
  • Identify common peer review findings in SOC 1 and SOC 2 engagements and why they matter.

2:00 PM – 2:50 PM EDT

TPR2304. SOC 2 Examinations: Navigating Changes to the SOC 2 Guide

Rebecca Thomas

- Managing Director | PwC

Audrey Katcher

- Partner | RubinBrown, LLP

This session will help enhance understanding of the use of SOC 2 reports to support trusted reliance on third parties. We will cover ways clients can differentiate their SOC reporting.


Learning Objectives:

  • Identify changes in the 2022 SOC 2 Guide that may apply to a practitioner's services
  • Identify changes in the 2022 SOC 2 Guide that may apply to the use of the SOC 2 report

3:00 PM – 3:50 PM EDT

TPR2305. SOC 1 Examinations

Binita Pradhan

- Partner | BDO USA LLP

Patrick Morin

- Principal - Information Systems and Risk Assurance | Baker Newman & Noyes

This session will discuss the updates that have been made to the SOC 1 guide, and address the basics of SOC 1 engagements, including:

- obtaining an understanding of the service organization's system and relevant controls

- determining whether control objectives are appropriate

- evaluating suitability of design

- evaluating operating effectiveness

- forming an opinion in the SOC 1 report


Learning Objectives:

  • Identify the purpose and applicability of SOC 1 Reports
  • Recognize the components of a SOC 1 Report

3:00 PM – 3:50 PM EDT

TPR2306. Start Here...with Risk Assessments

Neha Patel

- Partner in charge | Weaver & Tidwell LLP

Angela Appleby

- Partner | Plante Moran

Risk assessments have been a primary focus area for firms as well as peer reviewers. Assessing risk is a continual process through an engagement life cycle (from client acceptance to planning to evaluating the results). This session will strive to answer three questions: What is a risk assessment? Why do we keep talking about it? And…where do you start?


Learning Objectives:

  • Identify the different types of risk assessments and their role within an engagement.
  • Identify materiality considerations when performing a risk assessment.

4:00 PM – 5:00 PM EDT

TPR2307. Using GRC Products - Tools for SOC Engagement - Workflow and Day Close

Kevin Abbott

- Partner | Moss Adams

Jeff Cook

- Managing Principal - SOC | Fortreum, LLC

With the growing pool of GRC and "SOC automation" tools entering the market, SOC practitioners are eager to understand the impact on SOC engagements. In this session, we will discuss the good, the bad, and the potentially non-conforming aspects of engagements that utilize these tools.


Learning Objectives:

  • Identify the fundamentals of SOC 2 reporting, and identify unique aspects of the software market as it relates to SOC 2
  • Identify the technical aspects of SOC 2 tools
  • Identify considerations & challenges in this space
  • Analyze service organization & auditor responsibilities
  • Analyze auditor relationships & best practices

Wednesday, April 26, 2023

12:30 PM – 1:30 PM EDT

TPR2308. Day 2 Welcome and Exploring Data Privacy

Stephen Sharon

- Manager | Deloitte

Nancy Cohen

- Senior Manager, Data Protection & Privacy | Ernst & Young LLP

Increased stakeholder demand for better information about how companies manage third party data has resulted in more opportunities for CPAs to provide services around data privacy.

This session will address:

- emerging trends in data privacy

- types of services CPAs can provide to meet their clients' needs

- guidance available to help CPAs providing services in the data privacy space


Learning Objectives:

  • Identify the impact of recently enacted privacy regulations on organizations.
  • Identify ways to help clients manage the challenge of disparate privacy regulations.
  • Identify recent privacy non-authoritative guidance published by the AICPA.

12:30 PM – 1:30 PM EDT

TPR2309. Day 2 Welcome and Maximize Your Value of the SOC 2 Report

Katherine Kaewert

- Advisory Senior Manager | Deloitte & Touche LLP

Steven Ursillo

- Partner | National Leader Information Assurance and Cybersecurity | Cherry Bekaert LLP

Chris Kradjan

- Managing Partner | Moss Adams LLP

This session will review the application of the 2022 Trust Services Criteria and most recent illustrative report. Specific emphasis will be on defining system boundaries, providing a sufficient system description, defining principal service commitments and system requirements, evaluating subservice organizations vs. vendors, considering relevance of complementary user entity controls, mapping controls to the relevant criteria, applying the Privacy category, including other third party criteria, ensuring sufficient testing procedures and clear presentation in the report, mapping risk considerations, reporting on other information, and ensuring most value from report usage and distribution.


Learning Objectives:

  • Identify the 2022 Trust Services Criteria and illustrative reports
  • Identify how to include relevant content within the SOC 2 report
  • Identify opportunities to improve the report presentation
  • Recognize recent changes and key considerations
  • Recognize the value of the report for users

1:40 PM – 2:30 PM EDT

TPR2310. AICPA Update: The Evolving Assurance and Advisory Landscape

Amy Pawlicki

- VP - Assurance and Advisory Innovation | AICPA

Carrie Kostelec

- Lead Manager - SOC & Related Services | AICPA

The AICPA’s Assurance Services Executive Committee (ASEC) is responsible for addressing current market needs, particularly those that arise from the use of new and emerging technologies, through the development of new assurance and advisory solutions. This session will offer an inside look into ASEC’s current projects including Cybersecurity, SOC Reporting, ESG, Digital Assets, and other emerging areas.


Learning Objectives:

  • Identify the mission and objectives of the Assurance Services Executive Committee (ASEC).
  • Identify the ASEC’s current projects and areas of focus.
  • Identify future initiatives supporting CPAs in this space.

3:00 PM – 3:50 PM EDT

TPR2311. How to Handle Vendor Management

Paul Perry

- Member | Security, Risk and Controls Practice Area Leader | Warren Averett LLC

This session will explore the requirements and best practices related to vendor management, both for companies and for reviewing what is done for SOC engagements. We will explore issues that companies face related to vendor management and how to overcome those issues or risks during the SOC engagement.


Learning Objectives:

  • Identify the issues companies face when doing vendor management
  • Identify how to properly review vendor management activities during SOC engagements
  • Identify expectations for vendor management related to SOC engagements

3:00 PM – 3:50 PM EDT

TPR2312. SOC School Debrief - The Most Commonly Asked Questions

Shelby Nelson

- Partner - SOC National Practice Leader | Frazier & Deeter, LLC

Sean Linton

- Partner | EisnerAmper, LLP

Over the past several years, the AICPA's SOC School has been a key point of interaction between SOC practitioners across the globe, from new associates to senior partners. Through the dialogue that occurs during the SOC School, its instructors get an invaluable glimpse into the common questions among practitioners and the areas of guidance that are often unknown or misunderstood. Hear from one of these instructors as we revisit the most commonly asked SOC School questions and explore the guidance-based answers.


Learning Objectives:

  • Identify common questions and areas of challenge in the delivery of SOC attestation services.
  • Identify key portions of SOC attestation guidance.

4:00 PM – 5:00 PM EDT

TPR2313. Ask the Experts - Panel and Closing Remarks

Sean Linton

- Partner | EisnerAmper, LLP

Neha Patel

- Partner in charge | Weaver & Tidwell LLP

Steven Ursillo

- Partner | National Leader Information Assurance and Cybersecurity | Cherry Bekaert LLP

Chris Kradjan

- Managing Partner | Moss Adams LLP

Chris Halterman

- Managing Director | Ernst & Young LLP

This session will grant attendees the opportunity to bring forward questions relevant to matters of SOC and Third-Party Risk. All topics are fair game; our panel of experts will facilitate dialogue and deliver answers on the spot.


Learning Objectives:

  • Apply critical thinking in finding answers to questions posed by other SOC and risk professionals.
  • Identify matters pertaining to SOC and third-party risk via discussion.