Statement on Standards for Attestation Engagements (SSAE) No. 16, is an attestation standard issued by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Specifically, SSAE 16 is an attestation standard geared towards addressing engagements conducted by practitioners (known as "service auditors") on service organizations for purposes of reporting on the design of controls and their operating effectiveness. As such, SSAE 16 engagements conducted by service auditors on service organizations will result in the issuance of either a SSAE 16 Type 1 or Type 2 Report.
A Type 1 report is technically known as a "Report on Management's Description of a Service Organization's System and the Suitability of the Design of Controls", or simply known as an SSAE Type 1 report.
Regarding a Type 2 Report, it is technically known as a "Report on Management's Description of a Service Organization's System and the Suitability of the Design and Operating Effectiveness of Controls", or simply known as an SSAE Type 2 report.
SSAE 16 has effectively replacing SAS 70 as the primary standard for reporting on controls at service organizations. SAS 70, an auditing standard put forth in 1992 by the AICPA, has been a highly valuable and globally accepted framework and one that has been amended a number of times for helping keep pace with the growing changes in regulatory compliance. Even so, limitations within the SAS 70 framework prompted the Auditing Standards Board of the AICPA to put forth a new standard, one with an "attest" function, and one that closely mirrors the international standard on reporting on controls at service organizations - ISAE 3402.
Service organizations should not be alarmed that SSAE 16 is replacing SAS 70, primarily because many of the requirements and overall elements within SSAE 16 are essentially similar to that of SAS 70, with some notable exceptions. The two biggest changes being brought forth by SSAE 16 is that Management must provide the service auditor with a (1).Description of the service organization's "system" along with (2). a written assertion.
Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. Developing policies and procedures can be an incredibly time-consuming process, and it's why businesses are turning to NDB for our industry leading SOC 1 and SOC 2 Policy Packets. To learn more about NDB's SSAE 16 SOC 1 and SOC 2 services, along with obtaining a fixed-fee proposal, contact Christopher Nickell, CPA, at 1-800-277-5415, ext. 706, or email him at email@example.com today.