Skoda Minotti: CPAs, Business & Financial Advisors

RESOURCE CENTER

Blog 

Case Studies

Advisor Insights

Ask an Expert

Tip of the Month

Taxes Quick Guide

Rates, dates and requirements.

Special Delivery e-Newsletter

Quarterly Industry Reports

  • BDO Seidman Alliance
  • Weatherhead 100

  • SERVICES

    • Acct.Carney

    SSAE No. 16 Auditing

    Our SSAE No. 16 Team Delivers on the Promise of ensuring your clients that all regulatory requirements have been met.

    In June 2011, the SSAE No. 16 will replace the SAS 70 as the standard for reporting on service organizations.

    Statement on Standards for Attestation Engagements (SSAE) No. 16

    The SSAE No. 16 was finalized by the Auditing Standards Board of the American Institute of Certified Public Acountants (AICPA) in January 2010. It was drafted to replace the SAS 70 as a more effective standard for reporting on service organizations, and to update the US service organization reporting standard so that it fits with the new international service organization reporting standard, ISAE 3402.

    For those service organizations that have a performed SAS 70 audit, minor changes will be required to effectively report under the new SSAE No. 16 standard. Details are limited in this regard, and will be provided as they are released.

    What you should know about the SSAE No. 16

    • The new standard is an attest standard, not an audit standard. Organizations should expect a separate audit standard to be issued addressing the requirements of the user auditor.
    • In the new reporting standards, management will be required to provide a written assertion.
    • Subservice organizations are required to provide a simliar assertion when the inclusive method is used.
    • Type 1 and Type 2 reports may still be issued by the service auditor.
    • Type 2 reports require the service auditor to express an opinion on the suitability of the design of controls related to the control objectives throughout the entire period. The format of the service auditor's opinion will change.
    • The service auditor is required to disclose any reliance on the work of Internal Audit or other independent management testing functions within the report.

    More information will be shared as it becomes available.

    To discuss the revised standards and what this replacement means to your organization, call Ken Haffey at 440-449-6800.

     

    SAS 70 Auditing

    Our SAS 70 Team Delivers on the Promise of ensuring your clients that all regulatory requirements have been met.

    If you operate a service organization, your clients want to know that their information is secure. A SAS 70 Audit gives them that assurance.

    What is a SAS 70 Audit?

    SAS 70 refers to Statement on Auditing Standards No. 70, Service Organizations. The purpose of a SAS 70 audit is to publicize to the customers of your service organization that an audit has been conducted of your operations, especially general computer application controls and any application specific controls. This “single auditor” approach eliminates the need for multiple customers to perform audit procedures of processes that have been outsourced or contracted to your organization.

    There are two types of SAS 70 audits, Type I and Type II. A Type I report will comment on the design of internal controls as of a specific date. A Type II report will comment on the design and on the operating effectiveness of internal controls over a specified time frame. A Type II report is more in-depth and thus is considered more reliable due to the additional testing of controls.

    Our SAS 70 audit team will describe (and in the case of a Type II audit, test) the internal controls of your organization. Your clients have a vested interest in knowing that their information is under strict controls surrounding security, change management, data integrity, completeness and timeliness. A SAS 70 report provides this information and comfort to the client auditors that your organization has established appropriate oversight.

    Benefits of a SAS 70 Audit:

    • Market your service organization to existing and potential clients.
    • Provide information on the design and operating effectiveness of internal controls to your management and staff.
    • Obtain independent validation by a CPA firm of your control infrastructure.
    • Facilitate a culture and a measurement tool for continuous improvement goals.
    • Reduce costs of financial statement audits by completing internal control testing which may be relied upon by the external auditor.
    • Comply with any regulatory and/or client requirements (many clients subject to Sarbanes-Oxley reporting require SAS 70 audits of their service providers).

    We’d be glad to discuss with you the specific benefits a SAS 70 audit can have for your business. For more information, call Ken Haffey  at 440-449-6800.

    Looking for more Skoda Minotti Insights on Risk Management? Click here for an article from Smart Business Cleveland authored by our own
    Ken Haffey.