SSAE 18 - It's Almost Here...What Are the SOC Reporting Implications?

In April 2016, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued the Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification.  The primary purpose of the standard is to address concerns over the clarity, length and complexity of the ASB attestation standards.  The new standard impacts certain concepts common to all attestation engagements, including, among others, examination engagements,  review engagements, agreed-upon procedures engagements and reporting on examinations of controls at service organizations relevant to user entities’ internal control over financial reporting (SOC 1).  The standard impacts reports dated on or after May 1, 2017.

From a service organization perspective, one of the larger impacts of the standard is the enhanced monitoring required over subservice organizations.  This monitoring can include, amongst others, holding periodic conversations with the subservice organization and reviewing SOC reports of the subservice organizations.  Another item of note, which may impact service organizations, pertains to the service auditor’s enhanced clarification on performing the risk assessment of the engagement.  This will most likely result in the service auditors making more inquiries of management, as well as getting management’s input on the risks of the organization.

Look for additional detail on SSAE 18 which will be forthcoming in future SD InSites.

Contact us with questions and visit the Our Thoughts On blog to get the latest developments impacting your industry.