SSAE 16 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to provide a mechanism by which service organizations can demonstrate the establishment of effectively designed control objectives and control activities to their customers, via an in-depth audit of the processes that are related to the services rendered to their customers. SSAE 16 replaces SAS 70 in the USA from 2010 and ISAE 3402 is the equivalent of SAS 70 used internationally from 2010
SSAE 16 audit might be necessary if your organization provides services to another organization (e.g. in case of outsourced business processes), and if those services have a direct or indirect effect on the financial statements or internal control system (ICOFR) of that organization. On the other side, if your organization outsourced some business processes to a service organization, and if those services have a direct or indirect effect on the financial statements or internal control system (ICOFR) of your organization, than you might request a SSAE 16 report from the service organization, that must undertake a SSAE 16 audit. The report can provide information to you or to your financial auditor about the effectiveness of controls operated by the service organization (which is typically necessary in case of Sarbanes-Oxley audits).