SSAE16: A New Direction...
The AICPA and ASB announced the new auditing standards SSAE16. With the addition of the new management reporting and the system audit, SSAE16 has replaced the SAS70 standardization making it now obsolete. At SuperHighway Audits it is our mission to make this new road less of a challenge and more easy to navigate. Allow us to be the driving force on the road to growth
On June 15th, 2011 the AICPA and ACB replaced the SAS70 reporting standard with Service Organization Control (SOC) Reports known as the SSAE16. The new standard SSAE16 now requires three (3) audits through Systems, Management and Controls. SSAE 16 was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the new international service organization reporting standard – ISAE 3402
Because of the globalization of outsourcing many of today's information, technology and services -- the SAS70 reporting quickly became obsolete with not being able to control the third party resource. SSAE16 will now be the globally accepted standard allowing third party organizations and reporting to align itself with its vendors and customers, it is our job to make sure that the vendor is complying with that standard and keep the customers information compliant with this new checks and balances.
The reports that will now be available include SOC (Service Organizational Controls) 1-3. The SAS 70 report will then be replaced by a SOC 1 report, which follows the AICPA's Statement on SSAE 16 (Standards for Attestation Engagements Number 16). SAS70 reports were initially designed and implemented for third-party service providers that processed financial transactions, but over time then developed into a necessity for third party vendors in numerous vertical markets. SOC 2-3 reports will be conducted using AT 101 standards, and will follow the AICPA Trust Services Principles of controls over security, availability, processing integrity, confidentiality and privacy. Both SOC 1 and SOC 2 reports will be available in Type 1 (controls are properly designed, implemented and documented at a "point in time") or Type 2 (controls are properly designed, implemented, documented and have operated effectively over a period of time). The conversion from SAS 70 to SOC Reports were primarily designed to correlate with international accounting standards. However, these new changes also provide alternatives for companies that do not process financial transactions, but require assurance reporting as part of their services offering for their clients..
You may Contact WY Technology, for a full assessment of your organization's auditing and assurance needs.