SSAE16

Service Organization Control (SOC) 2 reports will be conducted in accordance with AT Section 101 and will utilize the AICPA audit guide (which will be released in April of 2011) titled "Reports on Controls at a Service Organization over Security, Availability, Processing Integrity,  Confidentiality, or Privacy".  Thus, when reporting on controls other than those likely to be relevant to user entities’ internal control regarding financial reporting (i.e., controls outside that of financial reporting), SOC 2 reports should be utilized.  And much like the SOC 1 | SSAE 16 Reports, SOC 2 reports can either be that of a Type 1 or a Type 2.  And as noted earlier, when using the audit guide "Reports on Controls at a Service Organization over Security, Availability, Processing Integrity,  Confidentiality, or Privacy", the engagement for SOC 2 reports must be done so in accordance with AT Section 101.  Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy PacketsThey truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.

So, what will the commonly accepted "street" phrase be for SOC 2 reports?  It's unclear at this point, but what is well-known and readily accepted by practitioners (i.e., CPA's and auditors alike) are that engagements conducted in accordance with the AICPA audit guide titled "Reports on Controls at a Service Organization over Security, Availability, Processing Integrity,  Confidentiality, or Privacy", will play a very large and significant role in service organization reporting.  Why? Because it's true purpose and merit is that of reporting on controls outside that of financial reporting, for which there are literally scores of entities that fall under this category.  Think cloud computing, Software as a Service (SaaS), or software development companies, just to name a few.  Ironically, this is where SAS 70 strayed, as it became an auditing standard that was incorrectly used for many service organizations.  SOC 2 reports seem to want to right this wrong.

Learn more about reporting on controls outside that of financial reporting and the impact that AT Section 101 will have.

Get A Free Quote Today!

Fill out my online form.
Copyright © 2017 SOC Reports. All Rights Reserved.
Joomla! is Free Software released under the GNU General Public License.