SSAE16

As for the SSAE 16 effective date, for reporting periods ending on or after June 15, 2011, SSAE 16 is the reporting standard to be utilized in accordance with the AICPA Service Organization Control (SOC) reporting framework.  And though “early adoption” was allowed, few service organizations actually achieved compliance with this newly formed attestation standard. In short, say goodbye (as of June 15, 2011) to the historical SAS 70 auditing standard, and hello to not only SOC 1 SSAE 16 reporting, but also that of SOC 2 and SOC 3 reporting – two great options for many of today’s technology oriented service organizations.

And while the transition from SAS 70 to SSAE 16 has been relatively straightforward, there are new requirements and overall recommendations for which service organizations need to be aware of, such as the following:

Description of the System - Management of the service organization is required to develop a description of its "system", which, though similar to the historical SAS 70 auditing standard description of “controls”, is also seen as more comprehensive in nature

Written Statement of Assertion by Management - Management of the service organization must also effectively "assert" to a number of provisions and clauses regarding SSAE 16 Type 1 and Type 2 compliance.

SOC 2 and SOC 3 are Viable - Don't forget that for many of today's technology oriented service organizations, SOC 2 and SOC 3 (which incorporate the SysTrust and WebTrust Principles) are a great option when compared to SOC 1 SSAE 16 Type 1 and Type 2 reports.

Say hello to AT 101- This once, little-known AICPA professional standard is the authoritative guidance when conducting SOC 2 and SOC 3 reports, so get to know AT 101.

Subservice Organizations are a Critical Component of Reporting - Service organizations themselves actually have other "service organizations" providing material services to them, hence – be on the lookout for subservice organizations as they play an important role in SSAE 16 Type 1 and Type 2 reporting.

A competent, well-qualified PCAOB CPA firm specializing in regulatory compliance should clearly be able to assist in all these matters regarding SSAE 16 reporting and the difference between SAS 70.  And don’t forget that the SSAE 16 effective date is for reporting periods ending on or after June 15, 2011.  So say goodbye to the SAS 70 auditing standard, and hello to Statement on Standards for Attestation Engagements (SSAE) no 16.

Other notable information regarding the SSAE 16 effective date worth reviewing is the following:

Call and speak with Christopher G. Nickell, CPA, to obtain a competitive, fixed-fee for SSAE 16 Type 1 and Type 2 reporting.  He can be reached at 1-800-277-5415, ext. 706, or via email at cnickell@ndbcpa.com.  Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy PacketsThey truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.

Get A Free Quote Today!

Fill out my online form.
Copyright © 2017 SOC Reports. All Rights Reserved.
Joomla! is Free Software released under the GNU General Public License.