A client working with a service organization will routinely have their financial statements audited. A Statement on Standards for Attestations Engagements 18 (SSAE 18) Service Organization Control (SOC) 1 report performed by R2R will give your client’s auditor the assurance that your IT controls are designed and operating effectively, and that these controls have a positive impact your client’s financial statements.
An SOC 1 report focuses on both business process controls and information technology controls and is restricted to use by your existing customers (not potential customers).
There are two different SSAE 18 audit reports available: Type I and Type II. R2R provides both types.
Audits Attestations Consulting
A Type 1 report provides an opinion as to whether or not your organization’s internal controls are designed effectively to achieve the related control objectives on a given date.
A Type II report contains the same information as a Type I report, but also includes testing of controls to support their operating effectiveness over a period of time. In addition, a Type II report describes the testing that is performed and the results of those tests.
SSAE 18 is the short name for Statement on Standards for Attestation Engagements No. 18. Attestation standards establish requirements and provide application guidance to auditors for performing and reporting on examination, review, and agreed-upon procedures engagements, including Service Organization Controls (SOC) attestations. SSAE 18 completely replaces SSAE 16 and many other SSAEs into a combined standard. The SSAE 18 examination helps to build ongoing and long-lasting trust between you and your client.
The SSAE 18 is NOT a certification. Neither was SSAE 16 or SAS 70 that preceded it. There is no such thing as an SSAE 18 certification and service organizations that use this terminology are merely misleading their clients and stakeholders. The SSAE 18 is only the name of the standard used by audit practitioners to perform a variety of attestation reports. Lastly, it is not specific to a certain type of attestation report (a la SSAE 16).
SSAE 18 includes changes in the following areas:
Most organizations cannot even think about outsourcing functions to a company who does not have a clean SOC 1 or SOC 2 Type II Report in place, especially since Vendor Management reviews are now required. Respect and trust regarding implemented internal controls are vital to clients who receive services from your organization. Think of the SSAE-18 audit as an annual investment into your company, increasing potential new clients and productivity. Additional benefits include the following.
R2R can attest to your service organization’s internal controls and will let your clients know that your internal controls are effective. We can walk you through the changes and the benefits to your organization and clients.