SSAE16

SSAE 16 compliance is a hot topic today indeed, within the regulatory compliance world, and for very good reason.  Statement on Standards for Attestation Engagement (SSAE) no. 16, known simply as SSAE 16, is effectively replacing the longstanding SAS 70 audit standard for reporting periods ending on or after June 15, 2011.  In short, if you’re a service organization and have undergone SAS 70 Type I and/or Type II audits in the past, it’s time you gain a comprehensive understanding of three (3) critical points pertaining to the new SOC compliance. Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy PacketsThey truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.

Service Organization Control (SOC) 1 reports will be conducted in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization.  SSAE 16 is effectively replacing the SAS 70 auditing standard for reporting periods ending on or after June 15, 2011.  Much like SAS 70, SSAE 16 provides two (2) reporting options; Type 1, a report on a service organization's system and the suitability of the design of controls", while an SSAE 16 Type 2 Report is officially a "Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls".  Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy PacketsThey truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.

The SSAE 16 AICPA standard, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) is a game-changer, to say the least.  First and foremost, it effectively replaces the long-standing Statement on Auditing Standards No. 70 (SAS 70), which was issued in April, 1992.

Statement on Standards for Attestation Engagements (SSAE) No. 16 represents a convergence, adoption and migration to that of more globally accepted accounting standards.  As such, SSAE 16 and its international equivalent, ISAE 3402, share a very common framework, both requiring service organizations to provide a description of their “system” along with a written assertion by management. These two requirements are noticeably different from that of the U.S. based SAS 70 standard, which only called for a description of “controls” and did not require a written assertion by management.

Regarding SSAE 16, the AICPA also issued a four (4) page pdf. document titled “FAQs -New Service Organization Standards and Implementation Guidance” in which it answered many of the pressing and “hot button” issues facing SSAE 16. Some of them are technical, but others speak to the overall intent and use of SSAE 16.  For example,

Get A Free Quote Today!

Fill out my online form.
Copyright © 2017 SOC Reports. All Rights Reserved.
Joomla! is Free Software released under the GNU General Public License.