Many data centers are choosing SSAE 16 Professionals to perform their SSAE 16 audit because of our personalized approach. We have a unique blend of expertise coupled with good old fashioned client service.
Orange, CA (PRWEB) March 21, 2012
SSAE 16 Professionals has unveiled a specialty service line focusing on SSAE 16 reports for Data Centers. With the cost of maintaining an in-house data center so high, and the criticality of access to information 24/7/365, many companies choose to outsource their physical and environmental security needs to a data center. The data center houses critical computer systems, hardware components, telecommunications equipment, and storage systems. Most data centers provide redundant power supplies, redundant data communication connections, electrical power, environmental controls (e.g., air conditioning, fire suppression) and internet connections. Often times, companies will only choose to contract with SSAE 16 audited data centers to ensure they maintain appropriate internal controls around security, privacy, and availability.
“Many data centers are choosing SSAE 16 Professionals to perform their SSAE 16 audit because of our personalized approach,” says Jim Jimenez, Managing Partner at SSAE 16 Professionals. “We have a unique blend of expertise coupled with good old fashioned client service.”
The Sarbanes-Oxley Act (SOX) requires publicly traded companies to perform an annual financial statement audit, which includes key processes that may impact the company’s financial statements. If these public companies outsource one of these key processes to a service organization, they will need to undergo an SSAE 16 audit. The SSAE 16 report can eliminate the need for a service organization to be subject to multiple audits from clients and their respective auditors. This will most likely eliminate service organizations receiving multiple visits from client auditors, which can place a huge strain and operational burden on a service organization’s limited resources. Even if clients of service organizations are not public companies, current and prospective clients are more likely to trust service organizations with their data or performing an important business process on their behalf because they will have the ability to review the SSAE 16 report and verify the effectiveness of a service organizations internal controls. This allows clients to manage their risks and exposures while outsourcing key business services to service organizations.
SSAE 16 (SOC 1) Report Overview
SSAE 16 (SOC 1) Reports, which have effectively replaced SAS 70 reports, will be prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SOC 1 reports retain the original purpose of SAS 70 by providing a means of reporting on the system of internal control for purposes of complying with internal control over financial reporting. SSAE 16 Professionals completes both SSAE 16 Type I Reports and SSAE 16 Type II Reports.
- SSAE 16 Type I Reports - A report on policies and procedures placed in operation as of a specified point in time. SSAE 16 Type I Reports evaluate the design effectiveness of a service provider’s controls and then confirms that these controls have been placed in operation as of a specific date.
- SSAE 16 Type II Reports - A report on policies and procedures placed in operation and tests of operating effectiveness for a period of time. SSAE 16 Type II Reports include the examination and confirmation steps involved in a Type I examination plus include an evaluation of the effectiveness of the controls for a period of at least six calendar months. Most user organizations require their service provider to undergo the Type II level examination for the greater level of assurance it provides.
SSAE 16 Readiness Reviews
Additionally, many service organizations undergoing the SSAE 16 audit for the first time choose to perform a SSAE 16 Readiness Assessment. SSAE 16 Readiness Assessments are consulting engagements that are designed to assist service organizations in assessing their preparedness for a SSAE 16 audit. SSAE 16 Professionals works collaboratively with management teams to perform a detailed readiness review and provide a gap matrix that identifies controls that would pass right away, controls that would partially fail, and controls that would fail and require remediation (in priority order with recommendations for remediation). Some firms go right into the SSAE 16 and realize there are issues which result in a qualified opinion. By that time, the service organization has spent a lot of time and money only to get a qualified report (which is useless to both the service organizations and its clients).
Benefits of Performing a SSAE 16 Audit
There are many benefits of performing an SSAE 16 audit, including:
- Annual Investment – Many companies view SSAE 16 audits as an annual investment with a proven ROI, increasing the service organization’s prospective client base, organizational productivity, customer retention and accountability.
- Financial Audit Requirement for Public Companies - Auditors of a user entity’s Clients will increase their scrutiny of the “system of internal control” during their audits of the financial statements (Sarbanes-Oxley), which will result in more requests for service organization’s SSAE 16 report.
- Competitive Advantage - SSAE 16 can be a key differentiator to a service organization’s prospective clients.
- One Time Audit - Avoids user auditors (auditors of user entities clients) continuously contacting the service organization’s personnel for separate audits throughout the year. Rather, a service organization’s clients request and rely on the SSAE 16 report.
- Increased Trust and Transparency with Customers - Customers are more likely to trust a service organization with their data or performing an important business process on their behalf because they will have the ability to review the SSAE 16 report and verify the effectiveness of the service organization’s controls. This allows the service organization’s customers to manage their risks and exposures while outsourcing key business services to the service organization.
- Increasing Organizational Efficiencies and Cost Reductions – SSAE 16 Professionals takes a consultative approach to each engagement, allowing the firm to “think outside the box” and provide value added recommendations to improving a service organization’s business.
- Build Efficiencies with RFP’s – if a service organization receives RFP’s throughout the year from client prospects, an SSAE 16 can reduce the overall effort in completing the RFP. Client prospects are concerned with risks to their information, many of which will be independently tested within the SSAE 16 report. Additionally, if a service organization does not perform an SSAE 16 and the RFP includes a question requiring the report, the service organization faces the possibility of being eliminated from the bidding process, even if they are the most qualified service provider.
The SSAE 16 Professionals Difference
SSAE 16 Professionals differentiates itself from local, regional, national, and “Big 4” CPA firms in several distinct ways
- Experience – SSAE 16 Professionals’ leadership team has over 80 years of business management, operations and related information technology (IT) experience.
- Resources – SSAE 16 Professionals’ detailed and collaborative approach also helps to identify opportunities for improvement within client operations. SSAE 16 Professionals’ proven methodology, flexible delivery methods, efficient economic operating model and focus on adding value for clients is evident in everything SSAE 16 Professionals does.
- Personal Touch – the partners and managers at SSAE 16 Professionals take a very active role in each engagement. SSAE 16 Professionals does not disappear after the proposal process.
- Fixed Fee Engagements – many firms quote a low fee with a lot of assumptions and then hit the client with change orders when the work inevitably takes longer. SSAE 16 Professionals’ quote is set in stone (fixed fee), and SSAE 16 Professionals will write off any excess time to get the work done properly (any time incurred on top of the fixed fee would be a first year investment in hopes of establishing a long-term SSAE 16 relationship with clients).
- Full Readiness – SSAE 16 Professionals does a full/complete SSAE 16 readiness run through of all controls/areas and provide detail on what needs to be done to pass every test.
About SSAE 16 Professionals
SSAE 16 Professionals is a leading provider that specializes solely in SSAE 16 readiness reviews, SSAE 16 Type I Reports, SSAE 16 Type II Reports, and other IT audit and compliance reports. Each of our professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control) and/or MBA (Master of Business Administration). For more information, please visit http://www.SSAE16Professionals.com.