Tag: FFIEC

  • SSAE 16 replaces SAS 70 (…sort of) – UPDATE 2

    In my last post I indicated that the AICPA would have additional guidance on this topic this fall.  It appears that we may now have to wait until early 2011.  According to this document from the AICPA, “The existing (AICPA Audit) guide is being overhauled and rewritten to reflect the requirements and guidance in SSAE…

  • The 5 trickiest FDIC IT examination questions (part 4).

    Last time in Part 3 we discussed (at some length) the FDIC IT Exam question “Are project management techniques and system development life cycle processes used to guide efforts at acquiring and implementing technology (Y/N)?”.  This time, we address a question from the Part 3 – Audit/Independent Review Program section titled: “Are the results of…

  • The 5 trickiest FDIC IT examination questions (part 3).

    Last time in Part 2 we tackled “Does the bank’s strategic planning process incorporate information security (Y/N)?” from the FDIC IT Examination…

  • The 5 trickiest FDIC IT examination questions (part 2).

    Last time we addressed a question from the FDIC IT Examination Questionnaire, found in PART 2, OPERATIONS SECURITY AND RISK MANAGEMENT…

  • The 5 trickiest FDIC IT examination questions (part 1).

    …and how to answer them.  Actually, answering them is the easy part; they all require a “Y”.  Documenting the basis for your answer is a bit harder.  Because each question really requires its own discussion, I will address each one in separate posts.  Also, the questionnaire I will be referring to is the newer 12/07…

  • SSAE 16 replaces SAS 70 – UPDATE

    Starting next year (or this year for Type II engagements that extend beyond 6/11), the traditional SAS 70 is being phased out in favor of the SSAE 16. The biggest difference is that the “A” no longer stands for “Audit”, but “Attestation”: Management of the service provider asserts that controls relative to security, availability, integrity,…