Tag: ssae 16 checklist

The SSAE16 Auditing Standard

SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70. The changes made to the standard will bring your company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402. The adjustments made from SAS 70 to SSAE 16 will help you and your counterparts in the US compete on an international level; allowing companies around the world to give you their business with complete confidence. SSAE16 is now effective as of June 15, 2011, and if you have not made the necessary adjustments required, now is the time to find a quality provider to discuss the proper steps. All organizations are now required to issue their Service Auditor Reports under the SSAE 16 standards in an SOC 1 Report. The soon to be effective, SSAE-18, is expected to follow a similar reporting structure to the SSAE-16 within a SOC 1 report. Who Needs an SSAE 16 (SOC 1) Audit? If your Company (the ‘Service Organization’) performs outsourced services that affect the financial statements of another Company (the ‘User Organization’), you will more than likely be asked to provide an SSAE16 Type II Report, especially if the User Organization is publicly traded.Some example industries include: Payroll Processing Loan Servicing Data Center/Co-Location/Network Monitoring Services Software as a Service (SaaS) Medical Claims Processors What you Need to Know: Before starting the SSAE 16 process, there are a number of considerations one must

Read More »

SOC 1 & SOC 2 Preparation Checklist

I’ve been hearing from various people in the marketplace that they were interested in learning about some steps, at a high level, that they need to take to get off the ground and on their way to completing their SOC 1/2 Report Type I or Type II. So, I will give you all a breakdown of some of the things organizations should be doing now, and some things to think about down the line as you progress. This SOC Reporting Checklist is geared towards service organizations whom have never undergone a SAS 70, SSAE 16, etc. in the past and will be taking up the task this coming year. A more detailed version geared towards companies that have some experience being audited will be coming down the line. Do your research. You have already come across our site, so you have begun the process of researching SSAE 16 and the responsibilities that come with performing one. I would continue to search for SAS 70 related information as well, as most of that knowledge is applicable. Find a few CPA firms who perform over 75 SOC Reports annually. You will want to research a number of firms that could perform and sign off on your SOC Report, which, only CPA firms are permitted to do. This process should be handled with the utmost care as you are putting a lot of trust into the company you choose, they can make or break you. Some things to consider: 1. The size of your

Read More »

Get Our Emails

SOC Reporting Guide

Popular SSAE Resources

User Access Reviews

User access reviews are a critical control in almost any IT control framework because they help ensure that users have the appropriate level of access to sensitive data and systems.

Read More »