SOC 1/SSAE 16

A-LIGN Security and Compliance Services To Present Webinar, “Reducing Audit Impact by A-LIGNing PCI DSS, SOC 1 & 2 Requirements”

Gene Geiger, Director at A-LIGN Security and Compliance Services will present a webinar to share practical recommendations for improving overall audit efficiency which will lead to reduced audit impact, audit costs and audit fatigue. The presentation will take place on April 18, 2012 from 1-2 pm EST. All individuals/organizations are…

Read More

SOC 1 / SSAE 16 Case Study for Payroll Administration Services

Case Study - SSAE 16 (SOC 1) for Payroll Administration Services Industry Organizations that directly provide payroll administration services to your clients or are a vendor associated with companies that provide payroll administration services such as electronic funds transfer, payroll debit cards, payroll software, tax filing, or time and attendance and as such have a direct or an indirect impact on the end customers’ financial statements.

Read More

SSAE 16 – What is the Minimum Period for a Type 2 Report?

While working with clients to scope their SSAE 16 engagements, many a times we are asked what is the minimum coverage period for a Type 2 SSAE 16 examination.  Let me try and answer that questions and draw some clarity to it. The SSAE 16 standards require a minimum of a six month reporting period.  Paragraph A42 of Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization (AICPA, Professional Standards, AT sec. 801), states that a type 2 report that covers a period of less than six months is unlikely to be useful to user entities and their auditors.

Read More

SAS 70 is gone??? Why can’t I get a SSAE 16?

In the past two weeks, we have been asked my multiple clients to explain to their customers that the SAS 70 audit standard was superseded as of June 15, 2011.  Our clients were faced with frustrated user organizations that were looking for their SAS 70 audit report.  We had to not only provide our literature and white papers outlining the audit standard has been superseded but provided information directly from the American Institute of CPAs (AICPA) to the same effect. It even got to the point where I told the user organization to call a national accounting firm in their city to confirm what we have said along with the AICPA.   This frustration from user organizations can be expected when the SAS 70 audit requirement lies in the hands of a contracting officer at the user organization.  The communication gap between the legal or vendor relations department and the accounting departments at an organization sometimes is wide and must be bridged.  When the exposure draft of SSAE 16 was released years ago, I recall preaching to clients that they should begin speaking with their customers regarding the change and update contracts with customers as well as vendors to reflect the eventual vanishing of SAS 70.  We continue to encourage clients as we move into September, which is typically “SSAE 16 busy season, “ that our clients should contact their customers and educate them regarding the change and utilize A-LIGN as a resource to provide additional literature where necessary to explain the new standard.

Read More

SSAE 16 Benefits to Service Organizations

Service organizations receive significant value from having an SSAE 16 examination performed.  An SSAE 16 report with an unqualified opinion issued by an independent CPA firm differentiates your company from your peers by demonstrating that your company has achieved a defined set of control objectives relevant to your specific industry, your controls are effectively designed, and, in the case of a Type 2 report, that the controls are operating effectively over a period of time.

Read More

SSAE 16 REPLACING SAS 70

ADVANTAGE TO THE COLLECTIONS INDUSTRY – AGENCIES, ATTORNEYS, VENDORS, CREDITORS AND ASSET BUYERS The AICPA’s Statement on Standards for Attestation Engagements No. 16 (SSAE 16), Reporting on Controls at a Service Organization was issued in April 2010.  As of June 15, 2011, the SSAE 16 effectively replaces the long standing SAS 70 as the U.S. standard for reporting on a service organization's internal controls. SSAE 16 is also referred to as Service Organization Control (SOC) Reporting 1.  The focus of SSAE 16 is on controls at a service organization likely to be relevant to user entities’ internal control over financial reporting.  The SAS 70 has been used as the de facto standard for the collections industry for close to 20 years now.  For service organizations that currently have a SAS 70 service examination (“SAS 70 audit”) performed, changes will be required to effectively report under the new SSAE 16 standard.

Read More