SSAE 16 controls form a critical component of any type of SSAE 16 assessment, as they play a large role in ultimately determining what areas within a service organization's control environment are going to be evaluated and possibly tested (SSAE 16 Type 2 assessments) for compliance. But much like the historical SAS 70 auditing standard, SSAE 16 allows for a high degree of flexibility regarding SSAE 16 controls, specifically in regards to the actual language of the control objectives themselves, the areas they evaluate and test, along with other critical issues. And because unlike PCI DSS compliance, which is prescriptive in nature as defined by the 12 specific PCI DSS "Requirements" and supporting tests, SSAE 16 relies on the service organization to ultimately assess and determine what controls are to be included. That's easier said than done, so take note of the following 5 important points to know about regarding SSAE 16 controls.
SSAE 16 Type 2 reports are being issued for many service organizations from a wide and varied list of industries these days. And much of this has to do with the passing of the torch from the SAS 70 auditing standard to the SSAE 16 attestation standard, along with more and more service organizations simply being required to undertake SSAE 16 Type 2 compliance. With that said, an introduction to SSAE 16 Type 2 reports will help all interested parties (i.e., service auditors, service organizations, etc.) gain a greater understanding of Statement on Standards for Attestation Engagements (SSAE) No. 16. So take note of the following points regarding SSAE 16 Type 2 reports.
The AICPA has officially published "Statement on Standards for Attestation Engagements - Reporting on Controls at a Service Organization", which now becomes the essential guide for all parties interested in learning more about the SSAE 16 AICPA attestation standard. And though the guide is extremely helpful to many practitioners, it can seem a little dry to the average reader. With that said, let's pull out what are considered the essential and critical points from this publication in hopes of giving individuals a comprehensive and thorough understanding of SSAE 16.
Need SSAE 16 training for gaining a thorough and comprehensive understanding on Statement on Standards for Attestation Engagements (SSAE) No. 16? Then visit the official SSAE 16 Resource Guide, developed exclusively by NDB Accountants & Consultants, a nationally recognized PCAOB CPA firm specializing in SSAE 16 and all other aspects of the AICPA Service Organization Control (SOC) reporting framework.