Patrick Rozario is a Managing Director of Moore Hong Kong and heads up the firm’s Advisory Services to help clients manage their risks and enhance their business operations. Patrick has over 25 years’ experience working for large international accounting firms and in the commercial sector. Patrick has substantial experience working in the area of governance, risk advisory and systems implementations. Patrick managed various internal audits, corporate governance, Sarbanes-Oxley and information technology advisory and assurance engagements for clients across different industries including banking, insurance, telecommunication and government in Hong Kong, China and North America.

Mr. Kevin Lau, Advisory Manager, Moore Hong Kong

Kevin is an Advisory Manager of Moore Advisory’s Governance, Risk and Internal Audit division help leading the cyber-security and data privacy services in Hong Kong serving clients from various industries. Before joining the audit professional, Kevin has many years of experience in operation and risk management in telecommunication and data centre services with HKT and iAdvantage. Kevin holds a Master of Economics degree from University of Hong Kong and graduated from University College London with a Bachelor of Information Management degree.

In supporting risk assessments on service organisations, user entities and business partners may request independent reports on an examination or review of controls from the service organisation. This is where assurance standards for reporting on service organisation controls such as SOC Reporting were developed.

This workshop will introduce the development of SOC Reporting and the present Standards for Attestation Engagements 18; Attestation Standards: Clarification and Recodification (SSAE No. 18) that current SOC Reporting is based on.

In this workshop, we will discuss the difference between SOC 1, SOC 2, SOC 3 and SOC for Cybersecurity. We will also look into details of different type of reports for SOC (Type 1 & Type 2).

With the increasing number of organisations outsourcing IT operations (e.g. SaaS, Data Centre, cloud computing), to third-party vendors, it is important to ensure information security is aligned and properly handled between the organisations and the service providers to mitigate potential vulnerabilities.  SOC 2 (Type 2) Reporting on examination of controls at a service organisation becomes the most common among the different types of SOC Reporting. SOC 2 Reporting focuses reporting on controls at a service organisation relevant to the AICPA’s Trust Services Criteria of Security, Availability, Processing Integrity, Confidentiality, and or Privacy. In this workshop, we will provide more detail information related to SOC 2 (Type 2) Reporting including the audit processes, the audit timeline and the SOC 2 (Type 2) report and related documentation.

Map: Click Here

Please note that the entrance of HKFYG Building situated at 21 Pak Fuk Road will be temporarily closed. Please use the other entrance situated next to the MTR Quarry Bay Station (Exit C – Model Lane) to access the Building.