This SSAE 16 checklist is geared towards service organizations that have never undergone a SSAE 16 audit. The information below contains some suggestions and things to think about before selecting a vendor for the SSAE 16 audit.
Do Your Research.
You may have reviewed our website, so you have begun the process of researching an SSAE 16 and the responsibilities that come with undergoing the audit. We suggest to research as much information as you can, perhaps even to log on to the AICPA website for details information on the SSAE 16 audit.
Find a Few CPA Firms Who Specialize In Performing an SSAE 16 Audit.
You will want to research a couple of firms who are experienced and capable of guiding you through the audit and signing off on your SSAE 16 Report, which only licensed CPA firms are permitted to do. This process should be handled with the utmost care as you are putting a lot of trust into the company you choose. They make or break you!
Some Things to Consider:
- The size of your company – you may not be able to afford a large CPA firm.
- The clientele you are attracting – you may want to select a firm who understands your service and industry.
- Total SSAE 16’s or past SAS 70’s performed – you do not want to use a company who has never done such work in the past, unless they are comprised of former employees of another firm, and may have started their own firm.
- The methodology employed – You will want to interview the companies and gain comfort around their methods, and ensure you are comfortable with their responses and your research. An on-site meeting or conference call is suggested.
Narrow Your Search.
- Based upon how you feel about each company, the people, the methodology, their previous experience, and of course, cost; you should narrow down your search to the top one or two companies you are looking to engage.
- Pricing for an SSAE 16 audit can vary greatly depending upon the company performing the work and the size of your organization; however, don’t expect to pay any less than $13,000.00 for the audit.
- You should look for a fixed rate fee so there is no potential for the audit firm to raise its rates on you as the project progresses.
Define the Scope.
Once you have engaged a firm to perform the work, make sure that you define the scope of the audit early on in the process. Not doing so could lead to excessive delays and potential cost overrun
Define Your Control Objectives and Activities.
In conjunction with your CPA firm, define the controls to be tested and make sure that they have been reviewed by process owners and any of the stakeholders at the CPA firm who may be reviewing and/or signing off on the report to ensure everyone is in agreement.
These steps will set you on your way to getting your SSAE 16 started and should help guide you through some of the challenges of the process. Once you have completed all of the steps we have suggested, you should be able to rely on the knowledge of your CPA firm to take you through a successful audit.