Get A Fixed Fee Quote Today Request a Free Quote

  • Home
  • Glossary
  • American Institute of Certified Public Accountants (AICPA) | SOC 1 SSAE 16 | ssae16.org

American Institute of Certified Public Accountants (AICPA) | SOC 1 SSAE 16 | ssae16.org

The American Institute of Certified Public Accountants (AICPA) is the national professional organization for Certified Public Accountants (CPA) in the United States. It provides a wealth of services, ranging from educational initiatives, establishing accounting standards, and publishing various technical professional guides, just to name a select few. For purposes of SSAE 16 compliance, the AICPA developed a comprehensive framework known as Service Organization Control (SOC) reports, that would effectively replace the aging and antiquated SAS 70 auditing standard. This new SOC framework consists of the following measures:

•    SOC 1 Reports
•    SOC 2 Reports
•    SOC 3 Reports

SOC 1 Reports will utilize the SSAE 16 professional standard, while focusing specifically on the concept of internal control over financial reporting, which is commonly known as "ICFR".

SOC 2 Reports will utilizes AT Section 101 as the professional standard for this type of reporting. It's important to note that SOC reports will focus on "non" ICFR controls. That is, controls related to Security, Availability, Processing Integrity, Confidentiality or Privacy.

Lastly, SOC 3 Reports will utilize the SysTrust/WebTrust framework for issuing these types of reports. Collectively known as the Trust Services Principles, which was a joint effort between the AICPA and the Canadian Institute of Chartered Accountants (CICA), SOC 3 reporting hopes to play an important role for non-ICFR reporting also.

This new SOC reporting framework was initiated by a specific task force in the AICPA; one that was charged with developing a new approach to reporting on controls at service organizations.

In short, there's much to learn about the new SOC framework, specifically that of SSAE 16. If your organization is considering undertaking SSAE 16 compliance, then a Readiness Assessment by a highly-qualified CPA firm would be a good starting point. And don't forget, you'll also need to understand the relationship between SSAE 16 and the ICFR concept-without question, one of the most important components of the SOC reporting framework.

Contact NDNB Accountants & Consultants today for a competive, fixed-Fee SSAE 16 assessment. We can be reached at 1-800-277-5415, ext. 706.

Since 2006, NDNB has been setting the standard for security & compliance regulations