Audit Considerations Relating to an Entity Using a Service Organization (Redrafted) will amend and replace SAS 70, Service Organizations (AICPA, Professional Standards, vol. 1, AU sec. 324). SAS 70 previously contained guidance for auditors auditing the financial statements of entities that use a service organization (user auditors) and for auditors reporting on controls at a service organization (service auditors). SAS 70 will contain guidance for user auditors only. SSAE 16 serves as the guidance for service auditors.
SSAE 16 is applicable for reports for periods on or after June 15, 2011, although earlier implementation is permitted. Key changes that service organizations should be aware of include a requirement that management of the service organization provide a written assertion and that management identify risks that threaten the achievement of the control objectives stated in the description of the service organization’s controls. Other existing requirements of service organization management that were included in the SAS 70 guidance still apply.
SSAE 16 also contains changes that service auditors will need to understand and apply when reporting on controls at a service organization, although overall, it does not appear that the changes will have an extreme impact on how service auditors will perform these engagements.
Schneider Downs provides accounting, tax, wealth management and business advisory services through innovative thought leaders who deliver the expertise to meet the individual needs of each client. Our offices are located in Pittsburgh, PA, and Columbus, OH.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax-related matter.