An SSAE 16 overview of all the important components of Statement on Standards for Attestation Engagements (SSAE) No. 16 can be found at the SSAE 16 Resource Guide, provided by NDB Accountants & Consultants. Many service organizations will be making the transition from SAS 70 to SSAE 16, and as such, will need to gain a comprehensive understanding of this new “attest” standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.
Start your SSAE 16 overview by gaining a strong understanding of how the new standard evolved along with the similarities shared with its international equivalent, ISAE 3402. Additionally, you will need to learn about important service organization reporting requirements, such as the description of the “system” along with management’s responsibility to provide a written assertion.
Many organizations simply think that the transition from SAS 70 to SSAE 16 is administrative and procedural based, that is, significant changes are not really taking place. Though there is some truth to this assumption, there are still material changes from SAS 70 that you should be aware of, most notably, the two above mentioned requirements: the description of the “system” and the written assertion by management of the service organization, but also others.
The SSAE 16 description of the “system”, for example, is widely regarded by many practitioners to be more expansive and comprehensive than the SAS 70 description of “controls”. Thus, many service organizations will undoubtedly be spending significant time in developing a description of their “system” that truly meets the spirit of the standard. And as for the written assertion, a well-qualified CPA firm should be able to provide guidance and assistance in this matter, (along with helping you developed a description of a service organization’s “system”).
Your SSAE 16 overview should also include gaining a strong understanding of the following areas:
• What role, if any, will the internal audit function (or personnel performing similar procedures) play within your organization?
• How are the new reporting requirements different from that of SAS 70?
• What are the reporting requirements (inclusive method and carve-out method) for subservice organizations?
• How can you put in place a sustainable and workable roadmap for SSAE 16 compliance, which should start with a readiness assessment?
• What do you need to know about the AICPA Service Organization Control (SOC) reporting framework is and its relationship to SSAE 16?
NDB Accountants & Consultants can provide your organization with a cost-effective “fixed fee” for all your compliance needs, including SSAE 16 engagements.
Thus, begin your SSAE 16 overview today and quickly get up to speed on the new attest standard for reporting on controls at service organizations.
To learn more about our services and pricing, please call Chris Nickell, CPA, at 1-800-277-5415, ext. 706.