Understanding these 3 critical "must know" issues is essential to gaining a true working knowledge of SSAE 16 and the new AICPA SOC framework.
Santa Monica, CA (PRWEB) May 03, 2011
SSAE 16 compliance is a hot topic today within the regulatory compliance world, and for very good reason. Statement on Standards for Attestation Engagements (SSAE) No. 16, known simply as SSAE 16, is replacing the SAS 70 auditing standard for reporting periods ending on or after June 15, 2011. Thus, if you're a service organization that has undergone SAS 70 compliance in the past, you'll need to learn about SSAE 16 and the new AICPA Service Organization Control (SOC) framework, which consists of SOC 1, SOC 2, and SOC 3 reporting.
As such, NDB Accountants & Consultants (NDB) reveals the following 3 critical "must know" points for gaining a greater understanding of the coming changes to reporting on controls at service organizations.
1. Learn about the new AICPA Service Organization Control (SOC) reporting framework. With the replacement of SAS 70 comes an entirely new approach to reporting on controls at service organizations, consisting of SOC 1, SOC 2, and SOC 3 reports.
2. Understand the relationship between the ICFR concept and SOC 1 | SSAE 16 reporting requirements. Before embarking on SSAE 16 compliance, you'll need to establish a true and credible link with Internal Control over Financial Reporting (ICFR) and SSAE 16 itself. If that link cannot be established, service organizations need to consider SOC 2 and SOC 3 reports as viable options.
3. Recognize the critical differences between SAS 70 and SSAE 16. Yes, they do exist and are not merely academic, as some have been led to believe. From the description of a "system" to the written assertion by management, SSAE 16 has brought about a number of significant changes when compared to the historical SAS 70 auditing standard.
Please visit the SSAE 16 Resource Guide to view and download the entire SSAE 16 Compliance Technical White Paper, provided exclusively by NDB.
NDB Accountants & Consultants (NDB) is a nationally recognized CPA and Advisory firm specializing in the field of regulatory compliance, ranging from SOC Reports (SSAE 16 and AT Section 101 for SOC 1 and SOC 2, respectively) and PCI DSS compliance to HIPAA, FISMA, and GLBA compliance, just to name a select few. The last decade has seen security, governance, and compliance issues permeate all layers of business, due in large part to the Sarbanes-Oxley Act of 2002 and various other state and federal laws and regulations. As such, NDB has been at the forefront of many of these compliance initiatives, developing highly efficient and cost-effective auditing methodologies, while providing first-class, resource-rich web portals for educational purposes, such as the highly acclaimed SAS 70 Resource Guide, the PCI DSS Resource Guide, and the ISAE 3402 Resource Guide.