Collections

Ask A-LIGN: When receiving our first SSAE 16 audit, if the auditors find minor mistakes, will we have the opportunity to correct them?

By: Scott Price, Managing Partner of A-LIGN Answer: I hear this question often and, my answer is, “it depends.” I realize this is not the response most of you were hoping for, but I will elaborate. If your audit is a Type 1 SSAE 16, you can elect to have the review date of the report dated for when the service organization has remediated all deficiencies found in the controls. This is one of the main reasons why service organizations like to start with a Type 1 audit. However, in the same breath, the user community sees the limitations of a Type 1 since it only gives assurance at a specific point in time. It is a snapshot.

Read More

Preparing your Collection Agency for the CFPB Examination

By: Neil Gonsalves, Director at A-LIGN OVERVIEW On October 24, 2012 the Consumer Financial Protection Bureau (CFPB) published a rule that would allow the CFPB to federally supervise the larger consumer debt collectors/collection agencies. One of the main objectives of the CFPB Examination is to ultimately help ensure that consumers that are affected by the debt collection process are treated fairly. The CFPB’s supervision authority over these debt collectors/collection agencies took effect on January 2, 2013. Under the rule, any firm that has more than $10 million in annual receipts from consumer debt collection activities are subject to the CFPB’s supervisory authority. The CFPB may adopt a risk based approach focusing on debt collectors/collection agencies that pose a heightened risk to consumers based on information available from regulators, complaints, litigation, and media among other sources.

Read More

A-LIGN Security and Compliance Services To Present Webinar, “Reducing Audit Impact by A-LIGNing PCI DSS, SOC 1 & 2 Requirements”

Gene Geiger, Director at A-LIGN Security and Compliance Services will present a webinar to share practical recommendations for improving overall audit efficiency which will lead to reduced audit impact, audit costs and audit fatigue. The presentation will take place on April 18, 2012 from 1-2 pm EST. All individuals/organizations are…

Read More

SOC 1 / SSAE 16 Case Study for Payroll Administration Services

Case Study - SSAE 16 (SOC 1) for Payroll Administration Services Industry Organizations that directly provide payroll administration services to your clients or are a vendor associated with companies that provide payroll administration services such as electronic funds transfer, payroll debit cards, payroll software, tax filing, or time and attendance and as such have a direct or an indirect impact on the end customers’ financial statements.

Read More

SSAE 16 Benefits to Service Organizations

Service organizations receive significant value from having an SSAE 16 examination performed.  An SSAE 16 report with an unqualified opinion issued by an independent CPA firm differentiates your company from your peers by demonstrating that your company has achieved a defined set of control objectives relevant to your specific industry, your controls are effectively designed, and, in the case of a Type 2 report, that the controls are operating effectively over a period of time.

Read More

SOC 2 and Subservice Organizations

SOC 2 AND SUBSERVICE ORGANIZATIONS After a review of the new SOC 2 guide, Reporting on Controls at a Service Organization, I noticed that the responsibilities of the service auditor, service organization and subservice organization all seem to have increased when it comes to how subservice organizations may be considered / treated under the new standard.  Trying to get all three parties on the same page is a daunting feat in itself and I wanted to take a moment to share some of the highlights. The inclusive and carve-out method can still be used for subservice organizations just as in SOC 1.

Read More

SSAE 16 REPLACING SAS 70

ADVANTAGE TO THE COLLECTIONS INDUSTRY – AGENCIES, ATTORNEYS, VENDORS, CREDITORS AND ASSET BUYERS The AICPA’s Statement on Standards for Attestation Engagements No. 16 (SSAE 16), Reporting on Controls at a Service Organization was issued in April 2010.  As of June 15, 2011, the SSAE 16 effectively replaces the long standing SAS 70 as the U.S. standard for reporting on a service organization's internal controls. SSAE 16 is also referred to as Service Organization Control (SOC) Reporting 1.  The focus of SSAE 16 is on controls at a service organization likely to be relevant to user entities’ internal control over financial reporting.  The SAS 70 has been used as the de facto standard for the collections industry for close to 20 years now.  For service organizations that currently have a SAS 70 service examination (“SAS 70 audit”) performed, changes will be required to effectively report under the new SSAE 16 standard.

Read More