Ryan Buckner

Ryan Buckner is a Principal at Schellman & Company. Ryan currently serves on Schellman’s attestation leadership team and leads the firm-wide research and development for attestation methodology. Ryan is a CIPP, CISSP, CISA, ISO 27001 Lead auditor, and maintains multiple CPA licenses, among other certifications. Ryan is also an AICPA-approved and nationally listed Peer Review Specialist for SOC 1 and SOC 2 examinations. Having completed over 1,000 service audits, Ryan is one of the most experienced service auditors in the world.

COVID-19 and SSAE 18: What Does This Mean for Your SOC Preparedness

Hopefully this writing finds you well and adjusting to perhaps the most serious health-related situation in many a lifetime. Perhaps it may find you contemplating preparedness in specific ways.

Read Article
Why Diversity is a Terrible Goal for Black Professionals

While it’s true that life and the American experience has tremendously improved for most black Americans since the Civil Rights Movement, there remains much opportunity for continued progress.

Read Article
2:45

Optimizing The Audit

A Buck For Your Thoughts - Episode 001

Watch Video
Recodifying SOC reports: What SSAE No. 18 means for SOC 1s

Originally published in Accounting Today Simply put, SSAE No 18 is the standard which recodifies all the previous attestation standards. It is the culmination of the efforts to clarify...

Read Article
Cha-Ching: How Compliance Can Generate Revenue

CIOs have a unique vantage point over their organization. From where they sit, they see efficiencies, pain points, and potential weaknesses across all departments. This level of visibility is...

Read Article
What You Get With Low-Cost Audit Firms: 5 Things to Consider

Whether it is shoes, real estate or professional services, capitalism means for competition among suppliers in ways that are both healthy and necessary. For consumers, competition also provides a...

Read Article
What to Look for When Choosing an Auditing Firm

Think of your auditing firm like you would a long-term business partner. They are someone you will work with year after year, and they will be an integral part of setting the stage for your...

Read Article
Vendor Access to Development and Production

If we require assistance from a vendor to have developer access to production how is that treated during the audit?

Read Article
Countdown - EPCS in New York

The countdown for EPCS in New York is marking the days until March 27, 2015.

Read Article
What are WLA Security Control Standards?

The WLA Security Control Standards help provide confidence in a lottery operation. To retain the confidence of players and other stakeholders, lottery organizations need to develop and maintain a...

Read Article
A Seamless Transition to the New TSP in 3 Steps

In January, the AICPA Assurance Services Executive Committee (ASEC) released the revised version of the Trust Services Principles and Criteria (TSP). Since the release, there have been questions...

Read Article
Always, Never... And Other Absolutes To Avoid

In my line of work, it is not only advisable to have a mastery of the facts, but prudence would suggest that a good dose of foresight and reason based on actual experience can often times be as...

Read Article
SOC 2 Maintenance or Overhaul?

Belonging to the school of thought that new cars are for the birds, I have nearly 250,000 miles on my 14 year old SUV. In some ways, it’s a point of pride, but I must admit that the engine doesn’t...

Read Article
Cloud Security Compliance - A Beautiful Mess

The following is a summary of thoughts based on an enthusiastic exchange at the Atlanta Chapter CSA Meeting on January 20th and was attended by Schellman Shareholder Ryan Buckner.

Read Article
SOC 2 Guidance Observations and Attestation Update

In October, I posted an article on the various alternatives for CPA attestation reports. This past week, the AICPA issued its guidance on Service Organization Controls (SOC) 2 reports and an...

Read Article
XBRL - The Audit Implications of XML for Financial Reporting

This article is also posted on the re: The Auditors blog and can be found here.

Read Article
The 10 Required Components of an SSAE 16 System Description

All reports on controls at service organizations must be performed in accordance with SSAE 16 and/or ISAE 3402 by June 15, 2011. Because the new standards are heavily based on the existing SAS 70...

Read Article
Loading More...

Ryan Buckner

COVID-19 and SSAE 18: What Does This Mean for Your SOC Preparedness

Hopefully this writing finds you well and adjusting to perhaps the most serious health-related situation in many a lifetime. Perhaps it may find you contemplating preparedness in specific ways.

Why Diversity is a Terrible Goal for Black Professionals

While it’s true that life and the American experience has tremendously improved for most black Americans since the Civil Rights Movement, there remains much opportunity for continued progress.

Optimizing The Audit

A Buck For Your Thoughts - Episode 001

Recodifying SOC reports: What SSAE No. 18 means for SOC 1s

Originally published in Accounting Today Simply put, SSAE No 18 is the standard which recodifies all the previous attestation standards. It is the culmination of the efforts to clarify...

Cha-Ching: How Compliance Can Generate Revenue

CIOs have a unique vantage point over their organization. From where they sit, they see efficiencies, pain points, and potential weaknesses across all departments. This level of visibility is...

What You Get With Low-Cost Audit Firms: 5 Things to Consider

Whether it is shoes, real estate or professional services, capitalism means for competition among suppliers in ways that are both healthy and necessary. For consumers, competition also provides a...

What to Look for When Choosing an Auditing Firm

Think of your auditing firm like you would a long-term business partner. They are someone you will work with year after year, and they will be an integral part of setting the stage for your...

Vendor Access to Development and Production

If we require assistance from a vendor to have developer access to production how is that treated during the audit?

Countdown - EPCS in New York

The countdown for EPCS in New York is marking the days until March 27, 2015.

What are WLA Security Control Standards?

The WLA Security Control Standards help provide confidence in a lottery operation. To retain the confidence of players and other stakeholders, lottery organizations need to develop and maintain a...

A Seamless Transition to the New TSP in 3 Steps

In January, the AICPA Assurance Services Executive Committee (ASEC) released the revised version of the Trust Services Principles and Criteria (TSP). Since the release, there have been questions...

Always, Never... And Other Absolutes To Avoid

In my line of work, it is not only advisable to have a mastery of the facts, but prudence would suggest that a good dose of foresight and reason based on actual experience can often times be as...

SOC 2 Maintenance or Overhaul?

Belonging to the school of thought that new cars are for the birds, I have nearly 250,000 miles on my 14 year old SUV. In some ways, it’s a point of pride, but I must admit that the engine doesn’t...

Cloud Security Compliance - A Beautiful Mess

The following is a summary of thoughts based on an enthusiastic exchange at the Atlanta Chapter CSA Meeting on January 20th and was attended by Schellman Shareholder Ryan Buckner.

SOC 2 Guidance Observations and Attestation Update

In October, I posted an article on the various alternatives for CPA attestation reports. This past week, the AICPA issued its guidance on Service Organization Controls (SOC) 2 reports and an...

XBRL - The Audit Implications of XML for Financial Reporting

This article is also posted on the re: The Auditors blog and can be found here.

The 10 Required Components of an SSAE 16 System Description

All reports on controls at service organizations must be performed in accordance with SSAE 16 and/or ISAE 3402 by June 15, 2011. Because the new standards are heavily based on the existing SAS 70...