FAITAllison Baehr, Stephen Chen, Travis Graig, and Sharon Han

Page 2

Agenda

►Introduction

►Trends►Cyber Risk

►3rd Party Risks

►Data Analytics

►Conclusion

Page 3

Financial Audit IT Integration (FAIT)

► FAIT professionals work with Assurance professionals on the performance of external audits

► IT-related audit procedures in support of financial statement audits and reporting on the internal controls over financial reporting (Integrated and Non-Integrated audits)

► Understanding IT risks and controls as they relate to financial reporting

Page 4

Financial Audit IT Integration (FAIT)

► FAIT work primarily consists of:► Understanding the IT risks posed to an institution► Assessing if the institution has controls designed to effectively mitigate the

risks identified► Evaluating the operating effectiveness of the IT control environment

► FAIT professionals can also add value by:► Integrating with Audit professionals to provide trust and confidence in our

audit client’s financial reporting and internal control over financial reporting► Helping clients grow their business by providing trusted communications

(assurance) to their customers and other stakeholders related to internal controls

► Providing industry/sector insights and thought leadership with a focus on risk and control matters

Page 5

Trends

Page 6

Trend: Cyber Risk

► Focus on risk factors affecting financial reporting (material misstatement)► No specific auditing standards addressing cyber security risks

► Apply existing standards to the evolving issue and related risks► Possible questions to client in regards to cyber security

► Who?► How?► What?

► Possible cyber risks:► theft of IP► customer data► credit card data► monetary assets► operational disruption

Page 7

Trend: 3rd Party Risk

►More reliance on outside organizations creates vital need to understand risks IT Risk introduced by 3rd Parties

►Greater use of SOC Reports ► SOC 1: Used in FAIT about internal controls over financial

controls► SOC 2: Reports on internal controls about outsourcing risks such

as security and availability

►CUECs: Complementary User Entity Controls ► Controls in which the outsourcing organization is responsible for

upholding ► FAIT engagements ensure that clients have implemented the

CUECs in the SOC reports

Page 8

Conclusion

Page 9

Foreseeing: Greater Collaboration Amongst Work Streams

IT Compliance/Regulatory Compliance

Third Party Reporting Attestation Expectations

Cyber Security

IT Risk Management (ITRM)

Data Analytics

FAIT

Page 10

Foreseeing: Greater Collaboration Amongst Work Streams

FAITData Analytics IT Risk

Management (ITRM)

Cyber Security

Third Party Reporting Attestation

Expectations

IT Compliance/R

egulatory Compliance

Page 11

Questions?