SSAE 18 - SOC 1, SOC 2 & SOC 3 Reporting
Third-party service organizations may be expected or contractually obligated to verify the effectiveness of their controls over activities affecting their user organizations' financial statements.
Statement on Standards for Attestation Engagements No. 18 (SSAE 18) supersedes SSAE 16 beginning with reporting periods ending on or after May 1, 2017.
BKD’s IT Risk Services team is here to assist you, whether you are preparing for your first review or making the transition from SSAE 16 to SSAE 18. Our experienced consultants have been helping service organizations refine their processes and improve controls for years. We are well versed in the similarities and differences between the two standards and are ready to provide the services you need.
BKD provides SOC 1, SOC 2 or SOC 3 engagements to help organizations assess the design and operating effectiveness of its controls.
SSAE 18 contains significant changes to management’s responsibilities for Service Organization Controls (SOC) 1 reports and also provides clarification and guidance for service auditors. This article covers changes to SOC 1 audit standards caused by SSAE 18 and their effect on service organization management.
Download the AICPA’s Quick Reference Guide to Service Organization Control Reports now. This guide is a ready reference to service organization reporting controls SOC 1, SOC 2 & SOC 3.