SSAE 16 | What are the Key differences between SSAE 16 and SAS 70?
SSAE 16 differs from SAS 70 in a number of areas; the most fundamentally important aspect being that SSAE 16 is an “attestation” standard, while SAS 70 is an “auditing” standard. The Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) felt that examining a service organization’s “system” and their controls is not considered an audit of financial statements, thus it should not be categorized as that.
Additionally, the ISAE 3402 standard, put forth by the International Auditing and Assurance Standards Board (IAASB), a standard-setting board of the International Federation of Accountants (IFAC), is an “assurance” standard, which is essentially equivalent to the SSAE 16 “attestation” standard.
As for reporting requirements for service organizations, SSAE 16 requires a description of one’s “system” along with a written assertion by management, whereas SAS 70 requires a description of “controls” and no written assertion. The key difference between the SSAE 16 description of its “system” and the SAS 70 auditing standard’s description of “controls” is that many organizations may find themselves having to revise their prior descriptions to meet the new requirements for SSAE 16 reporting.
Generally, most practitioners seem to agree that the SSAE 16 requirements for a description of its “system” are considered more comprehensive and expansive than the SAS 70 auditing standards description of “controls”.
Contact NDB, a nationally recognized CPA firm for helping your organization prepare for the new SSAE 16 reporting requirements.
NDBYour Trusted Provider for SSAE 16 Compliance
- Vast Experience Across Numerous Industries and Sectors
- Fixed Fee Engagements for SSAE 16 Reports
- Nationally Recognized PCAOB CPA Firm