Developing SSAE 16 controls must be done with the ICFR concept in mind, which is an essential component of SOC 1 Reporting
Santa Monica, CA (PRWEB) May 02, 2011
SSAE 16 Controls technical White Paper, released by NDB Accountants & Consultants (NDB), a nationally recognized PCAOB CPA Firm, provides critical "must know" information for service organizations regarding the development of controls for SSAE 16 Type 1 and Type 2 reporting. In short, if you're a organization considering SSAE 16 compliance in the near future, you'll need to have a strong understanding of the Internal Control over Financial Reporting (ICFR) concept as it relates to SSAE 16 controls.
The development of SSAE 16 controls will require service organizations to fundamentally ask themselves what services and controls are in place that affect the internal control over financial reporting (ICFR) for entities that utilize our services? In more simpler terms, as a service organization, you'll need to find a credible "link" between the ICFR concept and SSAE 16 compliance, and if you cannot establish one, then consider a SOC 2 or even a SOC 3 report. Please keep in mind that SOC 1, SOC 2, and SOC 3 are all part of the AICPA Service Organization Control reporting framework, which was recently put forth to better service the reporting needs of service organizations.
As for SSAE 16 controls, establishing the link between ICFR and SSAE 16 compliance itself begins by undertaking the following steps:
1. If you've undertaken previous compliance audits, such as SAS 70 and believe you are a candidate for SSAE 16 compliance, then review your historical control objectives , focusing on the ICFR concept.
2. Begin to develop a series of process-based flow charts, which essentially illustrate your business process lifecycle, ultimately helping you to identify key controls in place, for which many may be ICFR related.
3. Download NDB's SSAE 16 Controls Technical White Paper, for which the full version is available, free of charge, at the SSAE 16 Resource Guide. This document will explain in great detail many of the areas you need to focus on regarding the development of SSAE 16 controls.
NDB Accountants & Consultants (NDB) is a nationally recognized CPA and Advisory firm specializing in the field of regulatory compliance, ranging from SOC Reports (SSAE 16 and AT Section 101 for SOC 1 and SOC 2, respectively), PCI DSS compliance, to HIPAA, FISMA, and GLBA compliance, just to name a select few. The last decade has seen security, governance, and compliance issues permeate all layers of business, due in large part to the Sarbanes Oxley Act of 2002 and various other state and federal laws and regulations. As such, NDB has been on the forefront of many of these compliance initiatives, developing highly efficient and cost-effective auditing methodologies, while providing first-class, resource rich web portals for educational purposes, such as the highly acclaimed SAS 70 Resource Guide, the PCI DSS Resource Guide along with the ISAE 3402 Resource Guide.