The CFO should ensure the creation of a SSAE 16 Compliance Checklist. The first section of the checklist should consist of a list of company departments and locations that may use financial service providers. The CFO should request a list of all financial service providers from each department listed in Section I of the AC1010-1 SSAE 16 COMPLIANCE CHECKLIST. The CFO and Controller should coordinate in listing the financial service providers used by the Accounting and Finance Department. The following information should be recorded on the checklist:
The CFO should compare the list of submitted financial service providers with the company’s Approved Vendor list, verifying that all financial service providers are listed on the SSAE 16 Compliance Checklist Template, and add any providers not already listed. The CFO should also send each financial services provider listed on the form a request for written verification that the service provider is SSAE 16-compliant and verify that they can provide a Service Auditor’s Report upon request.
The CFO should review AC1010-1 ten days prior to an external audit to verify that all service providers on the checklist have replied that they are compliant and will provide a Service Auditor’s Report on request. A written notice should be sent to any provider who has not responded or responded negatively (e.g., not compliant, SAR unavailable) that they will be subject to an audit by the company’s external auditor unless they respond immediately with a written notice that they are SSAE 16-compliant and can provide an SAR, if required.