Service Organization Controls

SSAE 18 and How it Impacts SOC Engagements

About this time last year, the American Institute of Certified Public Accountants (AICPA) released a new standard that will impact how accounting firms and service organizations will approach their SOC 1 engagements. Statement on Standards for Attestation Engagements (SSAE) No. 18 Attestation Standards: Clarification and Recodification does not provide wholesale changes to the SOC reporting […]

Risk Assessment Requirements for SOC Examinations

Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, has established three types of Service Organization Controls reports (“SOC”). The three types SOC 1, SOC 2, and SOC 3 are comprised of various components and require different reporting aspects based on the type of examination. Regardless of whether […]

AICPA Issues New Trust Services Principles

The American Institute of CPAs (AICPA) recently issued new Trust Services Principles (TSP Section 100) in April 2016 that supersedes the previous version issued in 2014. In an effort by the AICPA to continually improve and adapt the Trust Services Principles, the AICPA released revisions that primarily impact the privacy criteria as well as several […]

The Importance of SOC 2 and SOC 3 Readiness Assessment

Since the implementation of SSAE 16 and the creation of the SOC 2 and SOC 3, more and more organizations have gained a stronger understanding of the AICPA SOC framework. SOC 2 and SOC 3 examinations have continued to become more popular among information technology service organizations. The SOC 2 and SOC 3 framework was […]

Bridging the Gap in SSAE 16 SOC 1 and SOC 2 Reporting Periods

Service organizations often issue SSAE 16 SOC 1 and SOC 2 reports with reporting periods that are not consistent with user entity financial reporting years, creating a “gap” in the internal controls over financial reporting. For example, a nine month SSAE 16 SOC 1 type II report with a period ending September 30 would leave […]

Selecting the Correct SSAE 16 Type II Reporting Period

One of the most frequent concerns for service organizations undergoing a SSAE 16 SOC 1 type II deals with the reporting period of the examination. The questions generally deal with two specific areas: what is the appropriate length of the reporting period and when should the reporting period begin and end? The two questions present […]

Fiduciary Responsibility: Reviewing a 401(k) Service Provider’s SSAE 16 Report

A service provider’s Statement on Standards for Attestation Engagements No. 16 report (SSAE 16 report) is a great tool that plan sponsors can use for evaluating 401(k) service providers during the hiring and monitoring processes, as part of the plan sponsor’s fulfillment of their fiduciary responsibilities. Many 401(k) service providers can provide this report, but […]

Introduction to SSAE 16 and Service Organization Controls (SOC) Examinations

In 2010, the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and effectively replaced Statement on Auditing Standards No. 70, Service Organizations, as the authoritative guidance for reporting on the internal controls […]

Next Page »

RECENT POSTS


PrimeGlobal


You are about to leave the McKonly & Asbury, LLP website. Neither McKonly & Asbury, LLP nor PrimeGlobal are responsible for the content of the site you will be visiting. Click HERE to continue to www.primeglobal.net.

×