SSAE 16 Reporting is fast becoming a requirement for thousands of organizations.
Dallas, TX (PRWEB) January 02, 2013
SSAE 16 reporting has become a common annual requirement for many businesses providing critical outsourcing functions to others. Data centers, third party administrators (TPA), Software as a Service (SaaS) providers – just to name a select few – are being asked to undergo SSAE 16 reporting on a yearly basis, resulting in considerable financial costs and operational commitments for these organizations. That’s why it’s important to not only gain a strong technical understanding of SSAE 16 reporting, but to also take note of the following 5 points regarding Statement on Standards for Attestation Engagements (SSAE) no. 16:
1. The AICPA SOC Framework. The antiquated SAS 70 auditing standard was replaced with not only a new attest standard (SSAE 16), but also a comprehensive framework for reporting on controls at service organizations known as Service Organization Control (SOC) reports.
2. Description of the "System". Management of the service organization is required to provide a description of one’s “system”, which is the following: “the services provided, along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization's core activities that are relevant to user entities”.
3. Written Statement of Assertion. Management of the service organization must also provide a written statement of assertion, which effectively “asserts” to a number of important clauses and provisions regarding SSAE 16 reporting.
4. Subservice Organization Reporting. Many service organizations actually outsource to other service organizations, thus the concept of “subservice organization reporting” becomes very important.
5. Type 1 vs. Type 2 Assessments. With two (2) reporting options available for SOC 1 SSAE 16 reports, organizations need to understand the differences between SSAE 16 Type 1 and SSAE 16 Type 2.
Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to learn more about NDB's competitive, fixed-fees for SOC compliance. Additionally, visit the official SSAE 16 Resource Guide, developed exclusively by NDB.
Posted by Charles Denyer