Service Organizations

Outsourcing is a critical function that can be done effectively and efficiently by an outside organization and is today an important aspect of doing business domestically and globally. These organizations are providing services to their customers that impact financial reporting processes. They are therefore often subject to audits of the processes executed on behalf of their customers.

Until recently, Statement on Auditing Standards (SAS) No. 70 was the governing standard for performing these audits, and giving the service organization a mechanism for providing an independent audit report to their customers and their customers auditors. SAS 70 was suspended and replaced by Statement on Standards for Attestation Engagements 16 (SSAE 16). SSAE 16 focuses on controls at service organizations likely to be relevant to a customer’s internal control over financial reporting. The standards became effective for reports with   periods ending on or after June 15, 2011.

Many countries do not have their own standard for performing such audits. This led to the creation of an international standard, International Standard on Assurance Engagements 3402 (ISAE 3402). The international standard provides a reporting option for service organizations with the need for a global attestation standard to deliver consistent reporting worldwide. While SSAE 16 and ISAE 3402 have some differences, they are substantially the same. We do not anticipate that many companies will early adopt the new US standard.

Benefits to Service Organizations

There are several benefits to service organizations to perform Sa SAE 16 service. An Auditor’s Report with an unqualified opinion that is issued by an Independent Auditing Firm differentiates the service organization from its peers by demonstrating the establishment of control objectives and effectively designed control activities. A Service Auditor’s Report can also build trust with user organizations (i.e., customers).

Without a current Service Auditor’s Report, a service organization may have to entertain multiple audit requests from its customers and their respective auditors. Multiple visits from user auditors can place a strain on the service organization’s resources. A Service Auditor’s Report ensures that all user organizations and their auditors have access to the same information and in many cases this will satisfy the user auditor’s requirements.

Further, a SSAE 16 engagement allows a service organization to have its control policies and procedures evaluated and tested (in the case of a Type II engagement) by an independent party. Very often this process results in the identification of opportunities for improvements in many operational areas.

Service Auditor’s Reports

One of the most effective ways a service organization can communicate information about its controls is through a Service Auditor’s Report. We provide the following services:

  • Service Organization Control Report (Type I)
  • Service Organization Control Report (Type II)

Report
Contents

Type I
Report

Type II
Report

1. Independent service auditor’s report (i.e. opinion)

Included

Included

2. Service organization’s description of its syste (including controls).

Included

Included

3. Information provided by the independent service auditor; includes a description of the service auditor’s tests of operating effectiveness and the results of those tests

Optional

Included

4. Other information provided by the service organization (e.g. glossary of terms).

Optional

Included

 

If you want your customers to trust your services, raise their confidence and distinguish your brand by giving a third party assurance report to your customers, call us at 703-594-4944. We have the global presence and expertise to provide a high quality Auditor’s Service Report.

Menu