The written assertion by management for SSAE 16 essentially contains a number of provisions for which management of the service organization must "assert" to, such as the following:
- That the description of the service organization's "system" fairly presents the service organization's system that was designed and implemented at either a specific date, which is for an SSAE 16 Type 1 report, or implemented throughout a specified time period, which is for an SSAE 16 Type 2 report.
- That the control objectives stated in management's description of the service organization's system were suitably designed to achieve those control objectives at either a specific date, which is for an SSAE 16 Type 1 report, or designed throughout a specified time period, which is for an SSAE Type 2 report, to achieve those control objectives along with having them operate effectively throughout the specified time period.
- Discuss the criteria used to effectively making these assertions, and, for a SSAE 16 Type 2 report, that the controls were consistently applied.
Learn more about the written assertion by management by and how it affects your organization in preparing for SSAE 16 compliance. Learn more about NDNB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.
Additionally, if you need assistance in preparing for the new reporting requirements for SSAE 16, contact a well-qualified, IR CPA firm that specializes in SSAE 16 compliance.