Download Our White Paper
“Moving Your Organization from SSAE 16 to SSAE 18”
This whitepaper breaks down the most important pieces of information you need to know regarding this update.
Why is a SOC 1 Report So Important?
A customer working with your service organization will routinely have their financial statements audited. A Statement on Standards for Attestations Engagements 18 (SSAE 18) Service Organization Control (SOC) 1 report performed by I.S. Partners LLC will give your customer’s auditor the assurance that your service organization’s controls are designed and operating effectively, and that these controls do not negatively impact your customer’s financial statements.
A SOC 1 report focuses on both business process controls and information technology controls, and is restricted to use by your existing customers (not potential customers).
What Types of SOC 1 Reports Are Available?
I.S. Partners LLC provides two kinds of SSAE 18 audit reports: Type I and Type II.
Type I
A Type 1 report states an opinion that your organization’s internal control system is designed suitability to achieve the related control objectives on a specified date.
Type II
A Type II report contains the same information as a Type I report, but with the added testing of the controls to prove their operating effectiveness over a period of time. A Type II report describes the testing that is performed and the results of those tests.
What is the SSAE 18 Examination?
As the basis for the Service Organization Controls (SOC) 1 report, the Statement on Standards for Attestation Engagements (SSAE) No. 18, which replaced SSAE No. 16 as of May 1, 2017, assures your customers’ auditors that your service organization controls are well-designed and operating smoothly. The SSAE 18 examination helps to build ongoing and long-lasting trust between you and your customer.
How is SSAE 18 Different From SSAE 16?
While the SSAE 16 was specific to SOC 1 audits, SSAE 18 is an umbrella standard that applies to most types of attestation engagements, clarifying and formalizing requirements to enhance their reporting potential. The SSAE 16 examination will no longer be referred to as an SSAE 16 examination but will simply be known as a SOC 1 examination.
SSAE 18 features significant changes in the following areas:
- Vendor management
- Risk assessment
- Complementary subservice organization controls
- Data validation
Why is the SSAE 18 Update Important
The SSAE 18 update is important because it responds to the needs of third-party service providers and respective changes in the business environment. Over the past several years, an increasing number of service organizations have completed SOC 1 examinations to satisfy customer demand and industry pressure.
Benefits of a SOC 1 Report
Respect and trust regarding implemented internal controls are vital to customers who receive services from your organization.
With the changes from SSAE 16 to SSAE 18, your service organization can benefit in the following ways:
IS Partners, LLC can attest to your service organization’s internal controls and will let your customers know that your internal controls are effective. We can walk you through the changes and the benefits to your organization and customers.
I.S. Partners Seal of Approval
The I.S. Partners “seal of excellence” is granted to SOC 1 – Type I and Type II recipients with unqualified audit opinions. For Type I recipients, the seal indicates that controls are designed effectively. For Type II recipients, controls are designed and operating effectively. The seal is illustrated on the audit opinion letters and is made available for posting on the recipient’s website and/or marketing literature. Let our specialists learn more about your needs in order to provide you with an accurate quote!
Start the process of obtaining your SOC 1 Seal of Excellence by requesting a quote.
Frequently Asked Questions
- What is the difference between a Type I audit and a Type II audit?
A Type I audit results in a report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specific date. A Type II audit is the same as a Type I audit but with a report on the operating effectiveness of the controls throughout a specified period.
- Why is I.S. Partners qualified to perform SOC audits?
I.S. Partners, LLC is a Certified Public Accounting firm registered with the AICPA (American Institute of Certified Public Accountants) and PCAOB (Public Company Accounting Oversight Board), and is managed by a group of highly-seasoned partners who have vast experience in performing SAS 70 / SSAE 16 / SOC audits, FISMA, HIPAA HITECH, Sarbanes-Oxley (Section 404) management self-assessments, Model Audit Rule compliance, and other specialized information technology audits.