Service Organization Control (SOC)/SSAE 16 Reports
Best Practice Expertise That Provides A Competitive Edge
As a service provider seeking to differentiate yourself from your competitors, you understand the importance of demonstrating the establishment and effective operation of internal controls for your customers. SC&H Group can provide guidance as to which type of organization control report(s) your customers and their auditors need.
|Standard||SSAE 16: AICPA Guide (2011)||AT 101: AICPA Guide (2011)||AT101: Technical Practice Aid|
|Controls||Internal Controls over Financial Reporting||Security/Systems, Privacy||Security/Systems, Privacy|
|Controls reference||Undefined||Trust Services Principles/GAAP||Trust Services Principles/GAAP|
|Usage of Report||User auditor, management of service organization, management of user||Knowledgeable parties (see AT 101)||Anyone|
SC&H has significant audit expertise with SOC/SSAE 16 reporting frameworks. The SC&H audit team can address compliance mandates for reporting on controls at regulated service organizations:
- Data center business and backup services
- Financial services providers
- Internet network and security services
- Software-as-a-Service (SaaS) providers
- Third-party resellers using direct or other online services
Whether conducting the audit or working with other auditors, SC&H’s SOC/SSAE 16 audit practice works closely with a company’s auditing process, providing best practices assurance for thorough and timely reporting.