September 2012 - Service Organization Control Reporting: A Closer Look at SOC 2


This presentation will provide participants with an understanding of the AICPA’s SOC Reporting framework with an emphasis on SOC 2 reports. The presenter will discuss the following topics:

  • An overview of the AICPA’s SOC reporting framework
  • What is a SOC 2 report and how does it fit into that framework
  • An overview of the 5 Trust Services Principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Deciding which report is right for your organization
  • Speaker

    David Palmer, Managing Director KPMG

    Dave Palmer is a Managing Director in KPMG’s IT Advisory practice specializing in SOC reporting and other attestation services.

    Dave serves as KPMG’s representative on the AICPA’s Service Organization Guide Task Force. This task force is responsible for developing guides for service auditors that are based on the attestation standard for Service Organization Reporting. Dave also serves on the AIPCA’s Trust Services Task Force. This task force develops guides for reporting on service organization controls that are not related to financial reporting using the Trust Services criteria. He is also a contributing author on various AICPA and KPMG publications and frequently presents to internal and external audiences, including KPMG’s 404 Institute web casts and the AICPA’s National Advanced Accounting and Auditing Technical Symposium.

    Dave has more than 25 years of experience in the financial services industry and has been responsible for performing SAS 70 and SSAE 16 examinations for some of the nation’s largest financial services companies. He is a Certified Public Accountant and a Certified Information Systems Auditor.