NDNB also provides third party assurance reporting that may fall outside the scope of SSAE 16.
While the SOC 1 SSAE 18 reporting framework and standard is primarily geared towards reporting on controls at service organizations that provide services to user entities, and for which the controls are likely to be relevant to user entities’ internal control over financial reporting; there is also a need to report on controls outside that of financial reporting.
As such, the American Institute of Certified Public Accountants (AICPA) suggests that practitioners (i.e., service auditors) perform an Attest Engagement in accordance with AT Section 101. Additionally, the AICPA is also very aware of the dramatic changes that information technology is having on the business arena as a whole and will be publishing additional information and helpful guides for meeting these needs.
AICPA SOC 1 and SOC 2 Publications - Get them!
Specifically, the AICPA has been putting forth guides that help practitioners in reporting on controls for service organizations that are increasingly utilizing cloud computing services and other technology related platforms.
You can gain a greater awareness of the importance of AT Section 101 by fundamentally understanding the new AICPA SOC reporting framework, which consists of SOC 1, SOC 2 and SOC 3 reports. If your organization is seeking third-party assurance reporting that may potentially fall outside the scope of an SSAE 16 attestation engagement, please contact Christopher Nickell, CPA, at 1-800-277-5415, ext. 706 to receive a competitive, fixed fee.