Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization, is an

Question:

Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization, is an auditing standard for service organizations. SSAE 16 was issued in April 2010, and became effective in June 2011. SSAE 16 is largely an American standard, but it mirrors International Standards for Assurance Engagements (ISAE) 3402, Assurance Reports on Controls at a Service Organization. SSAE 16 provides guidance to service auditors when assessing the internal control of a service organization and issuing a Service Organization Controls (SOC) report. There are two types of service organization controls reports. A Type 1 SOC report includes the service auditor’s opinion on the fairness of the presentation of the service organization’s description of controls in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type 2 SOC report includes the information contained in a Type 1 service report and also includes the service auditor’s opinion on whether the specific controls were operating effectively during the period under review (usually six months). SSAE 16 reporting can help service organizations comply with Sarbanes-Oxley’s requirement (section 404) to show effective internal controls covering financial reporting. It can also be applied to data centers or any other service that might be used in the delivery of financial reporting. Examples of service organizations are insurance and medical claims processors, trust companies, hosted data centers, application service providers (ASPs), managed security providers, credit processing organizations, and clearinghouses. Utilize the Knowledge Leader website and perform the following:
A. Authenticate to the Knowledge Leader website using your username and password.
B. Perform research and identify the circumstances under which obtaining a SOC report is justified. Explain the differences between a SOC 1 and a SOC 2 report. Determine when it would be appropriate to obtain a SOC 1 report versus a SOC 2 report. Submit a brief write-up indicating the results of your research to your instructor.

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question

Internal Auditing Assurance & Advisory Services

ISBN: 9780894139871

4th Edition

Authors: Urton L. Anderson, Michael J. Head, Sridhar Ramamoorti, Cris Riddle, Mark Salamasick, Paul J. Sobel

Question Posted: