Transition from SSAE 16 to SSAE 18

Overview

In April 2016, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued the Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification, to supersede the former standard SSAE 16

This course will help you if your organization has the need to obtain or provide a SOC (Systems Organization Control) report or if you wonder what changes the new SSAE 18 standard will bring to the process. SSAE 18 is effective for SOC report opinions dated on or after May 1, 2017, and early adoption was permitted. This course focuses on the specific requirements of SSAE18 and highlights changes from SSAE16

In today’s economic environment, many companies utilize outsourced services to perform varied functions. These functions can span from payroll and accounts payable to information technology processes or even call center functions. The list can be endless however these services are often a critical component to the internal control environment of the organization

A service organization should implement a robust third-party vendor management policy if one is not already in place. Often, initial vetting occurs of the subservice organization however that same diligence is not maintained as the service continues. It is just as important to ensure that subservice organizations are monitored on an ongoing basis using the methods outlined in SSAE 18.

Highlights

• SSAE 18 Intent
• Impact of Change
• Subservice Organization
• Modifications of SSAE 18
• Monitoring
• Risk Assessment
• Complimentary Controls
• Evidence

Prerequisites

None

Designed For

Any professional working with Service organizations that prepare a SOC report or any individual working for a service organization who prepares a SOC report. CFOs, CEOs, financial professionals, legal professionals.

Objectives

• Explore the requirements of Statement on Standards for Attestation Engagements (SSAE) No. 16
• Explore the impetus of SSAE 18
• Discover the meaning of subservice organizations
• Recognize specific changes related to monitoring controls at sub-service organizations
• Discover the concept of a more detailed risk assessment for subservice organizations
• Discover the concept and requirements of complementary controls
• Explore the modification to assertion criteria and written assertion
• Explore the need for evidence provided by service organizations

Preparation

None

Notice

This course is offered by a 3rd party vendor and will not be accessible in the My CPE Tracker section of the ISCPA website. Course access information will be emailed directly to you by Accounting Continuing Professional Education Network (ACPEN).