Sep 9, 2021
RiskPro provides SSAE18 and other information security services. For more information, please visit our website.
seen from United States
seen from South Africa
seen from Austria
seen from China
seen from United States
seen from Kazakhstan
seen from Canada
seen from Austria
seen from Austria
seen from Sweden
seen from China
seen from China
seen from Germany
seen from Italy
seen from United States
seen from United Arab Emirates
seen from United States
seen from Germany
seen from United States
seen from Malaysia
RiskPro provides SSAE18 and other information security services. For more information, please visit our website.
Organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach.
Is your organization ready to switch from SSAE 16 to SSAE 18? There are four major differences to note with the incoming standard.
Protecting the #privacy of the financial information of schools and payers is our highest priority!
Transitioning to SSAE 16 Made Easy
SAS 70s are an important tool for companies to communicate the integrity of an organization’s services to their clients. But the hot topic among service providers this year has been the replacement of the SAS 70 with SSAE 16. The purpose of the change is to align the US with International Standard on Assurance Engagements No. 3042 (ISAE 3402). The new standard SSAE 16 only increases the value of an organization’s report by aligning it with international standards. So what is SSAE 16?
The SSAE 16 born in 2010 is an “attest” standard that closely mirrors its international “assurance” equivalent, ISAE 3402, which was issued by the International Auditing and Assurance Standards Board (IAASB), a standard-setting board of the International Federation of Accountants (IFAC). Formally named “The Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization” will supersede SAS 70s for periods ending on or after June 15, 2011. How does SSAE 16 impact client’s and their outsourcing partners?
SSAE 16 requires a written management assertion regarding the fairness and suitability of the controls over the current system described in a client’s report, ensuring that the risks are addressed. An essential part of SSAE 16 compliance is identifying and understanding the risks that could prevent management’s control objectives from being achieved.
If a client is utilizing an outsourced service provider (e.g. data center, asset manager, etc.) then they have two options for reporting information about their subservice organization(s) viz., Option A - Inclusive; Controls related to the subservice organization are included in the description of the system. Option B - Carve-out method; The nature and functions of the subservice organization are described, but the control activities performed by the subservice organization are not included in the description of the controls of the system. An important strategy when determining the method used is to determine if the subservice organizations have their own SSAE 16 report (i.e. SAS 70 report). This is where TalentPro scores over everyone else in the market.
When a business outsources a task, such as payroll processing, to another entity, their auditor will want to ensure that the quality and accuracy of the data produced by the service organization, is in line with the SSAE 16 requirements. . Practically speaking, a service organization becomes "compliant" with the new attest standard (SSAE 16) for which practitioners (i.e., auditors conducting the engagement) are using the new standards for reporting on controls.
TalentPro is one of the very few organizations which have implemented its own SSAE 16 report, making it easy to choose it as their Payroll subservice partner. For MNCs and trans-nationals that are making the switch to SSAE 16, this can be a big draw, since its makes their transition to the new system easier and smoother.