Understanding the migration from SAS 70 to SSAE 16 requires learning about 6 critical elements
Atlanta, GA (PRWEB) June 29, 2011
The SSAE 16 standard, put forth by the AICPA, has effectively replaced SAS 70 for reporting periods ending on or after June 15, 2011. This is an important event, as it represents the first major change in service organization reporting on controls in almost two decades. Be prepared for the changes from SAS 70 to SSAE 16, along with the new Service Organization Control (SOC) reporting platform, of which the SSAE 16 standard is a part. Get the facts today from NDB Accountants & Consultants (NDB) and learn about 6 critical points regarding SSAE 16.
While there are a number of changes from SAS 70 to SSAE 16, the following 6 critical points are a "must know" for all parties interested in the new service organization reporting requirements.
1. The SSAE 16 standard is a new "attest" standard and one that forms the basis for the new Service Organization Control (SOC) reporting platform, particularly that of SOC 1. In short, SSAE 16 is the professional standard under which SOC 1 reports will be issued.
2. The other two SOC reporting options, SOC 2 and SOC 3, have been designed to help meet the growing demands of reporting on controls at technology-related entities, such as cloud computing vendors, Software as a Service (SaaS) providers, data centers, and others. You'll need to learn the differences between all the SOC reporting options for your organization.
3. For SSAE 16 compliance, develop a description of a specific "system," which is essentially the following: the services provided, along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization's core activities that are relevant to user entities.
4. Additionally, a written statement of assertion (i.e., assertion by management, management assertion) must also be produced and provided to the service auditor performing the SSAE 16 engagement. This was never a requirement for SAS 70, so you'll need to understand the dynamics of this requirement.
5. Gain an understanding of the Internal Control over Financial Reporting (ICFR) concept and how it affects which SOC reporting platform (i.e., 1, 2, or 3) you choose to use.
6. Lastly, SSAE 16 not only represents a new standard, but a migration towards globally accepted accounting principles, as witnessed by the similarities of SSAE 16 and ISAE 3402.
Read and download the SSAE 16 Standard and 6 Essential Points you Need to Know whitepaper.
NDB Accountants & Consultants (NDB) is a nationally recognized CPA and Advisory firm specializing in the field of regulatory compliance, ranging from SOC Reports (SSAE 16 and AT Section 101 for SOC 1 and SOC 2, respectively) and PCI DSS compliance to HIPAA, FISMA, and GLBA compliance, just to name a select few. The last decade has seen security, governance, and compliance issues permeate all layers of business, due in large part to the Sarbanes-Oxley Act of 2002 and various other state and federal laws and regulations. As such, NDB has been at the forefront of many of these compliance initiatives, developing highly efficient and cost-effective auditing methodologies, while providing first-class, resource-rich web portals for educational purposes, such as the highly acclaimed SAS 70 Resource Guide, the PCI DSS Resource Guide, and the ISAE 3402 Resource Guide.