SSAE 16 / SOC Reporting

We help prepare the required report, or can also provide advisory services in case of this will be the first audit year, and if your Company needs assistance with the implementation of the controls.

  • Assist in independent, third party assurance that adequate internal controls and safeguards exist over customer information and related business processes.
  • Our independent, objective reports contain our opinion on the design, implementation and effectiveness of the service organization’s control environment, tests of operating effectiveness and the results of those tests performed.
  • Our rigorous process meets industry best practice standards, and may include the COBIT framework, ITIL model and ISO 17799 standards, depending on your individual needs.
  • Our practitioners hold certifications such as CPA, CISM, CISSP, CISA

Ready to Get Started?

Get in touch with our expert team to discuss your business needs or to evaluate the services for free.

Get Started
Datasheet

What is SSAE 16 Audit?

SSAE 16 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to provide a mechanism by which service organizations can demonstrate the establishment of effectively designed control objectives and control activities to their customers, via an in-depth audit of the processes that are related to the services rendered to their customers. SSAE 16 replaces SAS 70 in the USA from 2010 and ISAE 3402 is the equivalent of SAS 70 used internationally from 2010

SSAE 16 audit might be necessary if your organization provides services to another organization (e.g. in case of outsourced business processes), and if those services have a direct or indirect effect on the financial statements or internal control system (ICOFR) of that organization. On the other side, if your organization outsourced some business processes to a service organization, and if those services have a direct or indirect effect on the financial statements or internal control system (ICOFR) of your organization, than you might request a SSAE 16 report from the service organization, that must undertake a SSAE 16 audit. The report can provide information to you or to your financial auditor about the effectiveness of controls operated by the service organization (which is typically necessary in case of Sarbanes-Oxley audits).

SOC Report types for SOC 1 and SOC 2 examinations

Type I – report on fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives (or trust services criteria) included in the description as of a specified date.

Type II – report on fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives (or trust services criteria) included in the description throughout the specified period.

Strategic Approach

Resources