Formerly known as a SAS 70 audit, the Statement on Standards for Attestation Engagements (SSAE) no. 16 is an in-depth examination of a service organization’s control objectives and control activities related to a user entity’s financial reporting. SSAE no. 16 is the new attestation standard developed by the AICPA for service organizations for reporting periods on or after June 15, 2011 and can only be performed by a CPA firm.
Firms that undergo an SSAE no.16 exam will receive a “SOC 1” report, which is a specific report on the controls at a service organization. This new reporting framework essentially replaces the SAS 70 report for service organizations. Similar to the SAS 70 reporting options, SOC 1 allows for a Type I or a Type II report. A Type I report opines as to the fair representation of a firm’s description of controls and whether or not they are suitably designed to achieve a firm’s control objectives. A Type II report goes a step further and opines on the effectiveness of the controls in place over a specific period of time.
The benefits of undergoing this type of examination are twofold. These types of reports are key for the independent auditors of a firm’s institutional clients as it allows them to rely on the controls the RIA has in place without having to actually test those controls themselves in the firm’s office. Additionally, many firms are seeing this request come up as part of their clients’ ongoing due diligence process as well.
Over the years, these types of examinations have become an industry wide standard for firms striving for best practices and demonstrates to clients that a firm has adequate controls and safeguards in place when processing client accounts.
As a CPA firm focused on providing services to the investment industry, Ashland Partners has been providing this type of service to advisers since 1998. Please contact one of our professionals for more information or with any questions regarding the benefits of a SSAE no.16 examination.