Get A Fixed Fee Quote Today Request a Free Quote

  • Home
  • Glossary
  • Description of the "System" | Service Organization's "System" | ssae16.org

Description of the "System" | Service Organization's "System" | ssae16.org

SSAE 16 requires that management produce and provide a description of its "system"; a narrative illustration that encompasses the following: the services provided, along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization's core activities that are relevant to user entities.

Many service organization undertaking SSAE 16 compliance, either a Type 1 or a Type 2, will have to spend considerable time and effort in crafting their description of its "system", as it generally looked upon as more detailed and comprehensive write-up when compared to the historical SAS 70 audit's description of "controls".  With that said, the following subject matter should be included within your SSAE 16 description of its "system":

  • The services being provided along with the classes of transactions processed.
  • The procedures used, from beginning to end, both automated and manual, for the transactions (such as the flow of the transactions and all activities, from initiation to correction of errors, as necessary).
  • How the system captures and also addresses significant events and conditions along with the processes and procedures used to prepare and report information as necessary to user entities.
  • The control objectives, related controls and user control considerations.
  • The service organizations elements of internal control, based on the COSO framework, which consist of the following: 1. Control Environment. 2. Control Activities. 3. Information and Communication. 4. Risk Assessment. 5. Monitoring.

More importantly, the SSAE 16 description of its "system" will vary from one service organization to another, due in large part to the differences in their respective service offerings along with operational and overall business models. Even with that said, a best practice is to include the above discussed subject matter into your SSAE 16 description of its "system".

If you need assistance with developing your SSAE 16 description of its "system", please contact NDNB Accountants & Consultants, a nationally recognized IR CPA firm specializing in  regulatory compliance.  You can contact Christopher Nickell, CPA, directly at 1-800-277-5415, ext. 706, to discuss your needs and get a competitive, fixed-fee proposal.

Since 2006, NDNB has been setting the standard for security & compliance regulations