Have you ever read a press release that indicates that the organization is SSAE 16 or SOC certified? Have you ever wondered how to get your own “certification?” Unfortunately, there is no such thing, and a SOC/SSAE 16 “certification” is a common misconception of what a SOC report represents.
For companies that perform outsourced services, there are several reporting options that can be performed in accordance with the attestation standards issued by the AICPA. These reporting options do not result in a certification, nor do they make the organization SSAE 16 or SOC compliant. However, they do result in the service organization obtaining an independent auditor’s report that can be provided to customers and independent auditors of those customers. Service Organization Control (SOC) reports help demonstrate that the company has controls in place to address risks associated with the services it provides. Contractual requirements often stipulate that service providers obtain a SOC report on an annual basis.
Please visit the Schneider Downs Reporting on Controls at a Service Organization (SOC Reports) webpage for more information on the types of SOC examinations. Our experienced team of professionals can help you meet your customers’ requirements and prepare you for undergoing a SOC examination.
© 2014 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.