Vendor Management from a Vendor’s Perspective: How to Prepare and Document for SSAE18 Changes
By now it’s safe to say that you are well aware of the SSAE18 change. This is a clarified standard to SSAE16 along with the AT 801 and AT 101 attestation standards. With this change, service organizations are now responsible for completing a risk assessment as it relates to the subject matter defined in a SOC report. In the past, it has always been the responsibility of the service auditor to conduct a risk assessment – now it’s in your hands, as a service organization. Because the control objectives and/or controls are the service organization’s responsibility, it only makes sense for the party designing the controls to have an understanding of the associated risk of material misstatement.
In today’s competitive landscape, being able to effectively manage your risk as a vendor has become even more vital to the success of your organization. This includes not only understanding the risk assessment process, but also having a solid understanding of vendor oversight and your specific responsibilities as a service organization.
During this complimentary webinar we will cover:
- Overview of the update (SSAE16 to SSAE18)
- Why the change?
- Terminology Updates
- Specific Changes that will Impact Service Organizations
- New Vendor Management Requirements
- Practical Methods to Meet SSAE18 Vendor Management Requirements
- Understanding the Importance of the Risk Assessment
- The Difference Between a Vendor and a Subservice Organization
- Real-World Scenarios
- And more!
While the new standard took effect on May 1, 2017, we know that some things may still seem unclear. Join us on June 29th as we walk you through the specific changes that will impact your service organization as well as the practical steps you can take to ensure you are effectively meeting the new requirements.
About the Presenters:
Terry Ammons, CPA, CISA, CTPRP, is a Partner in the Systems Department at Porter Keadle Moore in Atlanta, GA, with over 27 years of experience auditing financial institutions and other financial services companies. For almost the past 15 years, his focus has been on IT risk advisory services, including Service Organization Control reports, information technology reviews for banks and insurance companies, and an extensive practice in assessing the vulnerability of corporate networks.
Mary Beth Marchione, CPA, CISA, CISSP, is a Systems Manager at Porter Keadle Moore in Atlanta, GA. She joined PKM in 2012, after working with the Bank of New York Mellon for five years, starting as an Accounting Analyst and later moving to the position of a Risk and Compliance Specialist. Since joining PKM, she has served some of the firm’s largest financial services and SEC clients providing both assurance and consulting services including SOC reports and Sarbanes-Oxley compliance in a wide range of complex information technology environments.