Keys of SOC Reports: Following SSAE 18 Requirements

Overview

Today's businesses have seen a dramatic increase in the use of outsourced providers to assist with executing processes From payroll, accounts payable, information technology, benefit plan administration & many other core processes. These processes ultimately have an impact on an organization's internal control over financial reporting but also could impact compliance & operational issues

In 2011, the Statement on Standards for Attestation Engagements (SSAE) 16 replaced the former Statement on Auditing Standards (SAS) 70. In May 2017, a new standard, SSAE 18, superseded SSAE 16

The concepts covered in this course are referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should understand the various types of SOC reports, their intended use & their implication on a company’s financial reporting process, regardless of your status as a publicly traded or privately held organization. The process can be complicated to understand as a user organization. Currently, several types of SOC Reports exist including:

SOC 1: Type 1 SOC 1: Type 2 SOC 2: Type 1 SOC 2: Type 2 SOC 3 Cybersecurity SOC

This course speaks briefly to the transition From SAS 70 to SSAE 16 & now SSAE 18. However, the focus is on the various Service Organization Control Reports, their purposes & uses