Formerly known as SAS 70 audits

While the name may not roll right off your tongue, there IS good reason for the name change. The SAS 70 of yesterday refers to Statement on Auditing Standards (SAS) 70 which was developed by the AICPA in 1993 to provide guidance on the evaluation of control policies and procedures of a service organization.

Eighteen years later…a lot has changed in the world. Today we are in a global economy and working with the increasing adoption of international accounting standards. Given that this is really more of an “attest” engagement versus an audit, and to show alliance with the International Accounting and Auditing Standards Board, it was determined that this service should instead fall under Statement on Standards for Attestation Engagements (SSAE).

Read more about the changes in our Whitepaper at the bottom of this page.

What is SSAE 16?

Today’s technology-reliant culture makes it imperative for a service organization to manage information effectively and safeguard sensitive data. As more companies turn to third parties for their IT and processing needs, management needs to understand how their service organization’s internal controls are functioning in order to effectively manage their risk. But while it used to be common just for large companies to have such a review performed, more companies are opting to get one in an effort to stay competitive in their marketplace.

Benefits of a SOC Report:

While a SOC Report may be requested by a client for their audit needs, the results can benefit both parties involved by:

Providing an independent assessment of the service organization’s control structure.
Assisting a client’s auditor in planning the audit of their financial statements, reducing the possibility of incurring additional costs in order to send their auditors to perform required procedures.
Providing a competitive advantage over other companies in the industry that haven’t received a SOC Report.
Building trust and confidence of a client and using the report to reinforce customer contracts.
Assisting with Sarbanes-Oxley certification for a service organization.
Increasing audit efficiencies in financial statement audits for a service organization.
Identifying additional opportunities for improvements in many operational areas of a service organization.

MHM has the Expertise to Help

At MHM, high quality work and technical expertise are part of our core values. We have a dedicated team of professionals who are committed to providing you with the best service possible. They attend regular training to keep up on changing legislation, and have positioned MHM as a leader in the SAS 70 (now SSAE 16) arena. In fact, our professionals were co-authors of Thomson Reuters/PPC’s SAS 70 guide titled e-Practice Aids for Reporting on Controls of Service Organizations, and are currently working on an update to that publication reflective of the change to SSAE 16. In addition to being recognized as an industry leader on a national platform, our team of professionals is dedicated to providing top quality SSAE 16 reviews or readiness services and includes individuals who are accredited Certified Public Accountants (CPA), Certified Information System Auditors (CISA) and Certified Information Systems Security Professionals (CISSP).

Related Articles

Changes to SAS 70 Coming

Changes coming in internal control reports (SAS 70s) issued by service organizations

Contact Us

Resources

SOC Example Control Objectives