SAS 70 / SSAE 16 User Control Considerations

What are user (also known as client or customer) control considerations and why are they in most SAS 70 / SSAE 16 audit reports? User control considerations, or UCCs in the audit jargon, are simply controls that reside at the service organization. These controls are usually delineated in the SAS 70 / SSAE 16 reports within their own report sub-section and/or next to the control objectives they...


SAS 70 / SSAE 16 Audit – Type I vs Type II

What are the differences between a Type I and a Type II SAS 70 / SSAE 16 audit report? This question often comes up when a service organization is considering its first SAS 70 / SSAE 16 audit. A Type I report is as of a point in time (e.g., September 30th), whereas a Type II report covers a period of time (e.g., October 1, 2010 – September 30, 2011). Also, a Type I report only covers the...


Testing Exceptions

What are testing exceptions and what is their role in the SAS 70 / SSAE 16 audit? Testing exceptions are simply deviations from the expected result from testing one or more control activities. Consider the following example: Control Objective: Controls provide reasonable assurance that statement processing is appropriately scheduled and that deviations in processing are identified and...
