SSAE No. 16 Audit

Our SSAE No. 16 Team Delivers on the Promise of ensuring your clients that all regulatory requirements have been met.

In June 2011, the SSAE No. 16 replaced the SAS 70 as the standard for reporting on service organizations.

About Statement on Standards for Attestation Engagements - SSAE No. 16

The SSAE No. 16 was finalized by the Auditing Standards Board of the American Institute of Certified Public Acountants (AICPA) in January 2010. It was drafted to replace the SAS 70 as a more effective standard for reporting on service organizations, and to update the US service organization reporting standard so that it fits with the new international service organization reporting standard, ISAE 3402.

For those service organizations that have a performed SAS 70 audit, minor changes will be required to effectively report under the new SSAE No. 16 standard. Details are limited in this regard, and will be provided as they are released.

What you should know about the SSAE No. 16

The new standard is an attest standard, not an audit standard. Organizations should expect a separate audit standard to be issued addressing the requirements of the user auditor.
In the new reporting standards, management will be required to provide a written assertion.
Subservice organizations are required to provide a simliar assertion when the inclusive method is used.
Type 1 and Type 2 reports may still be issued by the service auditor.
Type 2 reports require the service auditor to express an opinion on the suitability of the design of controls related to the control objectives throughout the entire period. The format of the service auditor's opinion will change.
The service auditor is required to disclose any reliance on the work of Internal Audit or other independent management testing functions within the report.