SSAE 18 - It's Almost Here...What Are the SOC Reporting Implications?

In April 2016, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued the Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification.  The primary purpose of the standard is to address concerns over the clarity, length and complexity of the ASB attestation standards.  The new standard impacts certain concepts common to all attestation engagements, including, among others, examination engagements,  review engagements, agreed-upon procedures engagements and reporting on examinations of controls at service organizations relevant to user entities’ internal control over financial reporting (SOC 1).  The standard impacts reports dated on or after May 1, 2017.

From a service organization perspective, one of the larger impacts of the standard is the enhanced monitoring required over subservice organizations.  This monitoring can include, amongst others, holding periodic conversations with the subservice organization and reviewing SOC reports of the subservice organizations.  Another item of note, which may impact service organizations, pertains to the service auditor’s enhanced clarification on performing the risk assessment of the engagement.  This will most likely result in the service auditors making more inquiries of management, as well as getting management’s input on the risks of the organization.

Look for additional detail on SSAE 18 which will be forthcoming in future SD InSites.

Contact us with questions and visit the Our Thoughts On blog to get the latest developments impacting your industry. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Do Relocation Companies Require a SOC (System and Organization Controls) Report?
What has COVID-19 taught us about our businesses processes?
Risks to Consider When Reopening Your Branches
New EBP Auditing Standards Deferred Due to COVID-19
How Risk Management and Internal Audit Can Add Value in Light of the Current Pandemic: COVID-19 Risk Considerations
AICPA Provides Guidance for COVID-19 Considerations in a SOC Examination

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102