SSAE 16 - SOC 1, SOC 2 & SOC 3 Reporting
Third-party service organizations may be expected or contractually obligated to verify the effectiveness of their controls over activities affecting their user organizations' financial statements. Independent attest examinations based on the American Institute of Certified Public Accountants’ (AICPA) Statement on Auditing Standards No. 70 (SAS 70) previously were used for this purpose.
However, U.S. Statement on Standards for Attestation Engagements 16 (SSAE 16) supersedes SAS 70 beginning with reporting periods ending on or after June 15, 2011, and may have an impact as early as July 1, 2010, for service organizations that had been issuing a SAS 70 covering a 12-month period.
BKD’s IT Risk Services team is here to assist you, whether you are preparing for your first review or making the transition from SAS 70 to SSAE 16. Our experienced consultants have been helping service organizations refine their processes and improve controls for years. We are well versed in the similarities and differences between the two standards and are ready to provide the services you need.
BKD provides SOC 1, SOC 2 or SOC 3 engagements to help organizations assess the design and operating effectiveness of its controls.
Download the AICPA’s Quick Reference Guide to Service Organization Control Reports now. This guide is a ready reference to service organization reporting controls SOC 1, SOC 2 & SOC 3.