SSAE 16 Reports Have Officially Superseded SAS 70 Reports. How Will the Change Affect Your Business?
With SSAE 16 superseding SAS 70′s on June 15, 2011, there are some differences that service organizations must be aware of that directly affects them. SSAE 16 Professionals has the answers to guide your company through the new standard.
Orange, CA (PRWEB) June 20, 2011
SSAE 16 Professionals is a leading provider that specializes solely in SSAE 16 readiness reviews, SSAE 16 Type I Reports, and SSAE 16 Type II Reports. Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 was formally issued in April 2010 with an effective date of June 15, 2011, and will effectively replace SAS 70 as the standard for reporting on service organizations.
You may be wondering what the differences are between SAS 70 and SSAE 16. Below are several key differences between SAS 70 and SSAE 16 reports:
- Attestation Standard versus Auditing Standard ““ SSAE 16 reports will follow attestation standards and framework.
- Management Assertion ““ service auditor must obtain management’s assertion which must contain the suitable criteria that management used to determine the controls have been applied as designed. Management’s written assertion must accompany the service auditor’s report.
- Use of Suitable Criteria ““ management must use suitable criteria to base its written assertion. Suitable criteria can include evidence around the system design and implementation, automated or manual processes, types of transactions processed, as well as other COSO components.
- Use of Internal Audit ““ any work performed by internal audit must be discussed, including the type of work performed and the procedures used to perform the work.
- Risk Assessment ““ management must formally identify risks that threaten the achievement of the control objectives.
- are designed to help your users’ (customers’) auditors assess control risk, plan the audit and design procedures in conjunction with their financial statement audits
- provide user auditors a common vehicle to gain an understanding of your control environment without performing independent procedures at your organization
- are primarily a report from a “service auditor” to a “user auditor” on management’s description of relevant internal control structure elements
“Most business executives prefer a collaborative partner when seeking professional services,” says Jim Jimenez, Partner at SSAE 16 Professionals. “SSAE 16 Professionals offers the ultimate value proposition: competitive fees coupled with unparalleled client service and expertise.”
SSAE 16 Readiness Reviews
SSAE 16 Readiness Reviews are consulting engagements that are designed to assist service organizations in assessing their preparedness for a SSAE 16 audit. We work collaboratively with your management team to perform a detailed readiness review and provide you with a gap matrix that identifies controls that would pass right away, controls that would partially fail, and controls that would fail and require remediation (in priority order with recommendations for remediation). Some firms go right into the SSAE 16 and realize there are issues which result in a qualified opinion. By that time, you’ve spent a lot of time and money only to get a qualified report (which is useless to you and your clients).
SSAE 16 Type I and Type II Reports
In addition to Readiness Reviews, SSAE 16 Professionals completes both Type I and Type II SSAE 16 Reports.
- SSAE 16 Type I Reports – A report on policies and procedures placed in operation as of a specified point in time. SSAE 16 Type I Reports evaluate the design effectiveness of a service provider’s controls and then confirms that these controls have been placed in operation as of a specific date.
- SSAE 16 Type II Reports – A report on policies and procedures placed in operation and tests of operating effectiveness for a period of time. SSAE 16 Type II Reports include the examination and confirmation steps involved in a Type I examination plus include an evaluation of the effectiveness of the controls for a period of at least six calendar months. Most user organizations require their service provider to undergo the Type II level examination for the greater level of assurance it provides.
About SSAE 16 Professionals
SSAE 16 Professionals is one of the nation’s leading firms specializing solely in SSAE 16 audits and readiness assessments. Each of our professionals has over 10 years of relevant experience at “Big 4″ and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), and/or MBA (Master of Business Administration). For more information, please visit http://www.SSAE16Professionals.com.
# # #
For the original version on PRWeb visit: http://www.prweb.com/releases/prwebssae16/ssae16audit/prweb8584815.htm