Service Organization Control 1 Reports (SOC1) (Employee Benefit Plans Conference)

TONY CHAPMAN
CPA, CITP, PARTNER AND SOC SERVICES PRACTICE LEADER
SOC Practice Leader for the Firm, is designated as a SOC 1SM and SOC 2SM specialist by
the Oversight Task Force of the AICPA Peer Review Board.
30 years of experience and is one of the Firm’s leading internal control assessment
specialists
Concentrates his practice in the areas of Service Audits and Internal Control Consulting
Extensive experience with the following industries:
Investment Custodians and other service providers
Government Programs
Telecommunications and other Utilities
Technology
Third Party Administrators
Healthcare
Financial Services
Application Development & Data Hosting Services
Communications
Insurance
Payroll, third party administration
SaaS Providers
▪ Development of extensive expertise in assessing internal control effectiveness
▪ Serves as a “Firm on Firm” and AICPA peer reviewer for SOCSM Audit engagements

Anurag Sharma, CISA, CISSP, CRISC, MBA
Principal, Team Leader, Cyber and Information Security and System and Organization Controls
Withum, Inc.

Mr. Sharma is a principal in the Cyber and Information Security Services practice for the firm. He was selected by the AICPA to write and present the first ever education program for "Reporting on an
Entities Cybersecurity Risk Management Program and Controls" to cybersecurity professionals obtaining SOC for Cybersecurity certification. This Program is the first of its kind, and as  the author and presenter, Anurag is one of the first in the U.S. to become certified. He is designated as a SOC 1 and SOC 2 specialist by the Oversight Task Force of the AICPA Peer Review Board. He has more than 18 years of professional experience in risk assessment and information security consultancy, information technology and compliance audits, NIST cybersecurity assessments, service organization controls audits,establishing IT controls framework, Sarbanes-Oxley 404 compliance, COSO framework and CobiT controls. He has written a number of articles on cybersecurity and SOC topics and regularly speaks and presents on
cybersecurity and SOC topics.
 
He has a Master of Business Administration in Information Systems and a Bachelor of Science in Electronics Engineering. He is a Certified Information Systems Auditor (CISA)
as well as  Certified Information Systems Security Professional (CISSP) and is also Certified in Risk and Information
Systems Controls (CRISC). He is an AICPA Oversight Task Force SOC Specialist.