Service Organizations: Applying SSAE No. 16, Reporting on Controls at a Service Organization Guide (SOC 1)

This new guide is for CPAs reporting on controls at a service organization that affect user entities’ internal control over financial reporting. It is designed to assist CPAs in transitioning from performing a service auditor’s engagement under Statement on Auditing Standards (SAS) No. 70, Service Organizations, to doing so under Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization,which replaces the guidance for service auditors in SAS No. 70.

With the growth in business specialization, many entities outsource tasks or functions to other entities (service organizations). In some cases, the service organization generates data or other information that is incorporated in the user entity’s financial statements. Because the auditor is responsible for auditing all the information in the user entity’s financial statements, including the information generated by the service organization, the auditor must find a way to obtain evidence about the financial statement assertions affected by the service organization. One of the most efficient ways of doing so is to obtain a service auditor’s report, which provides information and an independent CPA’s opinion on whether the service organization’s description of its system is fairly presented, and whether the controls over that system were suitably designed (and in a type 2 report operating effectively). The controls addressed in SSAE No. 16 are those a service organization implements to prevent, or detect and correct, errors or omissions in the information it provides to user entities. SSAE No. 16 is effective for service auditors’ reports for periods ending on or after June 15, 2011, with earlier implementation permitted.

One of the biggest differences introduced by SSAE No. 16 is that the service auditor is required to obtain a written assertion from management of the service organization about the matters the CPA is reporting on. To help CPAs and management accomplish this aspect of the engagement, the guide includes an illustrative management assertion for a type 1 report and a type 2 report. In addition, the guide contains over 20 illustrative service auditor’s reports for the various situations that may require modification of the report. The guide contains chapters on planning, performing, and reporting on a service auditor’s engagement, SSAE No. 16 itself, illustrative type 1 and type 2 reports, management representation letters and control objectives for various types of service organizations. This guide also assists service auditors in understanding the kinds of information auditors of the financial statements of user entities need from a service auditor’s report.

How should CPAs prepare for SOC engagements?
Rob Miller, Assurance Partner, Braver P.C., Needham, MA.

If purchasing this title as an eBook, please note that it is intended for a single user. An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date. Download the file before this time elapses. Before downloading your eBook, you must:

• Download and activate Adobe Digital Editions^® - a free program for accessing eBooks
• Return to CPA2Biz.com and go to My Account > My Downloads
• Click the eBook title to download and open automatically in Adobe Digital Editions

Note: To access your eBook on a smartphone, tablet or other reading device, see our FAQ. This product is refundable within 10 days of your purchase date. For more information about this product or service concerns, please contact the CPA2Biz/AICPA Service Center at service@cpa2biz.com or call 888-777-7077.