Regulatory Compliance, Governance and Security

Jul 21 2010   11:53AM GMT

SSAE 16 | Preparing your Organization for the New Changes



SSAE 16, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), will force a large number of service organizations to fundamentally re-address many of the compliance issues that they faced with the SAS 70 auditing standard. SAS 70, which is effectively being replaced by SSAE 16 in 2011, will be put to rest, giving rise to Statement on Standards for Attestation Engagements No. 16.

It is worth noting that two of the most important components of the new SSAE 16 standard in regards to service organization requirements are the following:

1. Management must provide a description of its “system”.
2. Management must provide a written assertion-simply known as the written assertion by management.

What’s interesting to note is that the SAS 70 auditing standard called for only a description of “controls”, and did not even require a written assertion by management. These two issues alone (along with others) will require service organizations to spend considerable time and effort in preparing for these reporting requirements for SSAE 16. Be ready, the migration from SAS 70 to SSAE 16 (and possibly ISAE 3402) is fast underway.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: