SOC 1 SSAE 18 reports will be geared towards service organizations that are reporting on controls relevant to internal control over financial reporting (ICFR). As such, SOC 1 Reports will be conducted in accordance with the professional standard known as Statement on Standards for Attestation Engagements (SSAE) No. 18, simply known as SSAE 18.
Goodbye to SSAE 16 and Hello to SSAE 18. What it Means for You
Additionally, accompanying SOC 1 SSAE 18 audit guides have been released to help auditors perform these engagements. In simpler terms, the SOC 1 reporting framework will use the SSAE 18 standard as the professional standard for issuing these reports, resulting in two (2) types of SOC 1 reports, a Type 1 and a Type 2. This is very similar to the reporting that took place for SAS 70 and SSAE 16, where a service organization was either issued a SAS 70 Type I or a SAS 70 Type II or a SSAE 16 Type or a SSAE 16 Type 2 report. Please note that the intent of SOC 1 SSAE 18 reports (either a Type 1 or a Type 2) is actually what the original SAS 70 standard was designed for, but strayed heavily from- reporting on controls relevant to internal control over financial reporting (ICFR). The advent of SOC 2 reports (and also SOC 3) should be used for all parties reporting on controls outside of that related to financial reporting.
Common examples of service organizations that would be candidates for the SOC 1 SSAE 18 reporting framework are trust departments, registered investment advisors, (RIA), employee benefit plans, actuary services, and many other types of organizations that provide outsourcing service functions to user entities, for which the controls are relevant to the user entities' internal controls related to financial reporting. As a service organization, you'll need to ask yourself as to which particular SOC reporting framework do you fall under and what measures have you taken to communicate with your clients on their reporting needs?
For professional guidance on these matters, trust NDNB Accountants & Consultants, a nationally recognized, PCOAB CPA firm specializing in regulatory compliance. Additionally, you can speak directly with Chris Nickell, CPA, at 1-800-277-5415, ext. 706 regarding your reporting needs.