Management Stack Announces SSAE 16 Preparation Services

04 May Management Stack Announces SSAE 16 Preparation Services

Posted in Management, News, SaaS by Craig Eversole 0 Comments
1 Like

When user organizations outsource business functions to a service provider, the risks of the service organization become risks of the user entities. Organizations that use service providers want to ensure the integrity and security of the system and company to which they are entrusting their data. Accordingly, user organizations are increasingly demanding that their service providers undergo an audit that ensures the effectiveness and reliability of their control environment. The result of such an audit, called a SSAE 16 examination, is the issuance of a Service Organization Control (SOC) report by a third party auditor.

SSAE 16 Preparation Program: Top Seven Benefits
  1. Overall time savings.  After completing the SSAE 16 Preparation Program, you will be able to enter the audit period armed with a sound, fully documented internal control framework.  This will not only significantly increase the likelihood of a favorable report, but will save management a tremendous amount of time during the audit.
  2. Educating your organization as to the commitment and resources required for a successful SSAE 16/SOC Examination
  3. Having an internal report for management to analyze the basis for an improved control structure
  4. Providing management an opportunity to remediate control deficiencies with a fresh, risk-based outlook
  5. Giving your organization time to address deficiencies in the control structure
  6. Allowing your organization to obtain answers regarding the impact of the changes to the controls and services that may affect the result of the engagement
  7. Defining the scope of the SSAE 16 examination through refinement of the results of the Preparation Program engagement

The bottom line is that often, in order to compete as a service provider, obtaining a SOC report is a competitive necessity. Many organizations that are going through a SSAE 16 examination for the first time are overwhelmed or just may not have the time to research and implement the proper internal controls and processes that are normally evaluated during a SSAE 16 examination. This often leads to a “qualified opinion”, a modification of the standard opinion language indicating issues with the presentation, design, and/or effectiveness of one or more of the control objectives. A qualified opinion communicates to user organizations and user auditors that they cannot place reliance on the controls supporting one or more areas of the service and/or SaaS organization.

Management Stack advisors will leverage their extensive experience to help you avoid common pitfalls that occur in SSAE 16 engagements.  We make specific recommendations to address potential shortfalls in the existing internal control environment. And, using a technology biased approach, we will help you identify and implement solutions to address the control deficiencies so that you will go into the audit armed with a sound, fully documented internal control framework.

This process alone is one of the most fundamentally important steps an organization can take and should be viewed as a useful and proactive undertaking for ensuring that you are actually ready for a SSAE 16 engagement.

 

The SSAE 16 Preparation Program will provide valuable information about audit scope, (i.e., systems being tested, physical locations to visit, the number of control objectives, etc.), remediation items (i.e., areas of deficiency, from an operational and technical perspective, such as policies and procedures, etc.), audit sampling, and education about expectations for the CPA firm conducting the SSAE 16 audit and preparing the SOC 1 report.

Tags:
, , , ,
Craig Eversole
Craig Eversole
[email protected]
No Comments

Sorry, the comment form is closed at this time.