Ensuring That Unmitigated Risks Do Not Become the Achilles' Heel for Service Organizations and Their Customers


By Heather Haemer

With the June 15, 2011 implementation deadline now here, service organizations must address the new requirements imposed by Statement on Standards for Attestation Engagements (SSAE) 16. One such requirement is that management identifies the risks that threaten the achievement of the control objectives stated in the description of the service organization’s system.

While SSAE 16 states that this process may be formal or informal, as a best practice and to ensure that all such risks have been identified, management of service organizations should strongly consider implementing a formal process to document the identification of these risks. Such a process would address the points in processing, recording, and reporting customer information and transactions where something could go wrong, and identifying the controls that the service organization has implemented to prevent or detect the “what could go wrongs” from occurring.

By using a formal risk assessment process, service organization management will have documentation in place to support the management assertion required by SSAE 16. In addition, the risk assessment documentation would highlight any unmitigated risks. A formal process would allow service organization management to evaluate whether the unmitigated risks could result in undesirable or even detrimental effects to the service organization or its customers. In addition, it will give them the opportunity to take the appropriate measures to address unmitigated risks before they become the Achilles’ heel for the service organization and its customers.

© 2011 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.


Schneider Downs provides accountingtax, wealth management, technology and business advisory services through innovative thought leaders who deliver the expertise to meet the individual needs of each client. Our offices are located in Pittsburgh, PA and Columbus, OH.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax-related matter.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.