Understand how to request and review SOC reports as part of your vendor risk management program. The course provides an overview of the various SOC report brands and the intended use and purpose of each. The class will also explain the most common factors and considerations for reviewing the report from your vendor and how it can impact vendor acceptance and risk management.This course will be highly interactive, with real-world scenarios, illustrations, and quiz games. In this course, students will:

• Identify the purpose and intended use of each SOC reporting brand and type of report
• Understand who is authorized to use the report and how to become an authorized user
• Understand the components of the auditor’s opinion letter and what the opinion means to vendor risk management
• Understand the components of the report (including complementary user entity controls) and what the opinion means to vendor risk management
• Identify the criteria for choosing the correct report
• Understand the process for requesting the SOC report(s)
• Understanding bridge or gap letters

Learning Objectives:

• At the end of this session, students will understand the components of the report (including complementary user entity controls) and what the opinion means to vendor risk management. This will include an emphasis on what to pay attention to in the report
• At the end of this session, students will understand the process for requesting the SOC report(s)
• At the end of this session, students will be able to identify the purpose and intended use of each SOC reporting brand and type of report, and how to build their SOC report review checklist for third-party risk management

* Please note: This is not included in the Main Conference registration and requires a separate registration.