The SSAE 16 Compliance Procedure (formally SAS 70) ensures the SSAE 16 compliance status of third-party financial service providers is verified and on record. SSAE 16 effectively replaces SAS 70 as the official guidance for reporting on service organizations.
The SSAE 16 Compliance Procedure saves the company from having to conduct an audit of each of its financial service providers. It applies to the Finance and Accounting Departments, and all departments that employ, use, or contract outside financial services. (6 pages, 1249 words)
SSAE 16 Compliance Responsibilities:
The CFO (Chief Financial Officer) is responsible for verifying that providers of financial services comply with SSAE 16.
Department Managers are responsible for providing information to the CFO about financial service providers to their department.
SSAE 16 Definitions:
SSAE 16 – Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. An SSAE 16 report is also referred to as a Service Organization Controls (SOC) report.
Third Party Financial Service Provider – Any external organization or company that provides financial related services to the company for company’s financial or accounting operations (for example payroll, bookkeeping, accounting).
SAS 70 – (Statement on Auditing Standards No. 70). A recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for financial service providers. SAS 70 Certification represented that a service provider’s control activities had been audited and a Service Auditor’s Report was available. This report typically satisfied audit requirements for service providers.