SSAE 16 / SOC 1 Audits

The Statement on Standards for Attestation Engagements 16, commonly known as the SSAE 16 attestation, is the next generation of SAS 70 audits. Attestation engagements such as these are also referred to as Service Organization Compliance 1 (SOC 1) reporting engagements. SSAE 16 / SOC 1 is a compliance attestation that provides a service organization's user entities and their auditors with third-party assurance that the description of the controls at the service organization relevant to the user entities is fairly presented, that those controls are suitably designed and, in a type 2 report, that they are operating effectively throughout the period of the report. In addition, a type 2 report includes a description of our testing of the controls and the related results.

We offer high-quality, rigorous, best-in-class service to prepare for and perform the SSAE 16 attestation process and report.

Lurie Besikof Lapidus & Company, LLP provides SSAE 16 / SOC 1 attestation services for the following industries:

  • Information Technology
  • Healthcare
  • Insurance and Claims Processing
  • Government and Public Services
  • Financial Services
  • Credit Card Collection and Payment Processing
  • Communications
  • Energy and Utilities
  • Professional Services
  • Transportation and Logistics

SSAE 16 / SOC 1 attestation basics

  • SSAE 16 / SOC 1 is an attestation standard of practice and reporting from the American Institute of Certified Public Accountants (AICPA).
  • SSAE 16 / SOC 1 can be either a Type I or Type II audit.
    • SSAE 16 / SOC 1 Type I reports on internal controls that are placed in operation during a specific time period, and the design effectiveness of those controls.
    • SSAE 16 / SOC 1 Type II reports on detailed testing of internal controls and their effectiveness over a specific time period, usually 6 to 12 months.
  • SSAE 16 / SOC 1 attestation engagements can only be performed by a CPA or CPA firm, such as Lurie Besikof Lapidus & Company, LLP, and must adhere to AICPA standards. CPA firms also undergo periodic peer reviews to ensure audits are conducted in compliance with AICPA standards.

Why an SSAE 16 / SOC 1 attestation engagement may be needed

  • Required for service organizations that receive outsourced critical business functions
  • Required as due diligence to comply with the following legislation:
    • Sarbanes-Oxley Act of 2002 (SOX)
    • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • Gramm-Leach-Bliley Act of 1999
    • Other regulatory requirements
  • Used as an effective compliance tool for examining and testing a service organization’s information system and its related internal controls

What's the benefit of an SSAE 16 / SOC 1 attestation?

  • Provides customers with an independent, third-party verification about the integrity, reliability, effectiveness and security of processing services
  • Distinguishes the service organizations from their competitors
  • Provides similar benefits to an internal audit
  • Can improve or sustain business relations between service organizations and their customers

Who uses the SSAE 16 / SOC 1 reports?

  • Service organization management
  • User organization financial auditors, for functions that may impact the user’s financial statements

What are the steps in the attestation process?

We use the following process to perform SSAE 16 / SOC 1 attestation engagements:

  • Initial consultation
  • Planning and preparation
  • Field work
  • Reporting
  • Ongoing support

What to look for in an audit firm?

We have the attributes required to perform SSAE 16 / SOC 1 attestation engagements:

  • Experience in performing SSAE 16 / SOC 1 attestation engagements
  • Relevant industry experience
  • Skilled audit professionals who understand the business and information technology controls and processes
  • Availability of resources
  • Ability to deliver comprehensive, timely reports
  • Project management skills