Business & Finance
SSAE 18 Preparation
When user organizations outsource business functions to a service provider, the risks of the service organization become risks of the user entities. Organizations that use service providers want to ensure the integrity and security of the system and company to which they are entrusting their data. Accordingly, user organizations are increasingly demanding that their service providers undergo an audit that ensures the effectiveness and reliability of their control environment. The result of such an audit, called a SSAE 16 examination, is the issuance of a Service Organization Control (SOC) report by a third party auditor.
The bottom line is that often, in order to compete as a service provider, obtaining a SOC report is a competitive necessity. Many organizations that are going through a SSAE 16 examination for the first time are overwhelmed or just may not have the time to research and implement the proper internal controls and processes that are normally evaluated during a SSAE 16 examination. This often leads to a “qualified opinion”, a modification of the standard opinion language indicating issues with the presentation, design, and/or effectiveness of one or more of the control objectives. A qualified opinion communicates to user organizations and user auditors that they cannot place reliance on the controls supporting one or more areas of the service and/or SaaS organization.
I will leverage my extensive experience to help you avoid common pitfalls that occur in SSAE 16 engagements. I make specific recommendations to address potential shortfalls in the existing internal control environment. And, using a technology biased approach, I will help you identify and implement solutions to address the control deficiencies so that you will go into the audit armed with a sound, fully documented internal control framework. The SSAE 16 Preparation Program is one of the most fundamentally important steps that you can take to help ensure that your org