On June 15, 2011, the American Institute of Certified Public Accountants (AICPA) revised the SAS 70 standard of internal control audits for Service Organizations. The new standard, SSAE 16, has similar principles of its predecessor and will include auditing the design of controls (Type 1) and actually testing the controls implemented (Type II) through the Service Organization Control Report (SOC 1).
If you are a service organization that handles information for your clients that may have an impact on their financial reporting, you may be requested to obtain a SOC 1 report. This report can demonstrate that your organization has been through an in-depth audit of control objectives and activities by an independent accounting and auditing firm.
The SSAE 16 audit includes review of controls over transaction processing, security, data hosting and other related processes. Due to growing concerns over the security of customer information and data, service organizations must demonstrate they have adequate controls and safeguards in place.
Our SOC 1 compliance services and audit report is based on the AICPA guidelines and includes:
- Evaluation of documented policies and procedures
- Assessments of key operational controls related to the accuracy of financial data and information technology general controls
- Evaluation of the design of controls as of a point in time (Type 1)
- Formal testing of operating effectiveness of controls over a period of time (Type 2)
- Independent SOC 1 audit report providing an opinion on the controls evaluated
Some examples of organizations that may need a SSAE 16 audit are:
- Third-party, outsourcing vendors providing services to the healthcare and financial services industries
- Credit processing organizations and clearinghouses
- Medical claims processors
- Payroll companies and third-party administrators
- Insurance claim processing organizations
These are just some of the service organizations in need of a SSAE 16 audit. At BlumShapiro, we can perform the appropriate type of SOC (Type I or Type II) and provide an audit opinion on your controls.
Please contact us today to learn more about our SSAE 16 services.