SAS 70 / SSAE 16 User Control Considerations
What are user (also known as client or customer) control considerations and why are they in most SAS 70 / SSAE 16 audit reports? User control considerations or UCCs in the audit jargon are simply controls that reside at the service organization. These controls are usually delineated in the SAS 70 / SSAE 16 reports within their own report sub-section and/or next to the control objectives they...
Read MoreSAS 70 / SSAE 16 Audit – Type I vs Type II
What are the differences between a Type I and a Type II SAS70 / SSAE 16 audit report? This question often comes up when a service organization is considering their first SAS 70 / SSAE 16 audit. A Type I report is as-of a point in time (eg, September 30th) whereas a Type II report covers a period of time (eg, October 1, 2010 – September 30, 2011). Also, a Type I report only cover the...
Read MoreTesting Exceptions
What are testing exceptions and what is their role in the SAS 70/SSAE 16 audit? Testing exceptions are simply deviations from the expected result from testing one or more control activities. Consider the following example: Control Objective: Controls provide reasonable assurance that statement processing is appropriately scheduled and that deviations in processing are identified and...
Read MoreYour Data Center’s SAS 70/SSAE 16 Report is Not Enough
Recently, my business partner and I attended a national accounting industry conference with quite a few Software-as-a-Service (SaaS) providers exhibiting their services. For curiosity’s sake and since we are always looking for good clients, we asked them if they had a SAS 70 or SSAE 16 report. The initial answers were straight forward enough though after more questioning the answers were...
Read MoreSAS 70/SSAE 16 vs FISAP vs ISO 27002
Frequently there is a discussion from service organizations regarding which of these an organization should complete. Many service organizations get a significant amount of requests related to information technology controls and security. The requests come in different forms, whether it be for SAS 70 reports (changing to SSAE 16 reports after June 15, 2011), completed questionnaires, and...
Read MoreLinford & Company Methodology: Drafting the Audit Report Early
At L&C, we do two types of audits… SAS 70 audits and royalty licensing audits. Both of these are very different from the audits the clients of most accounting firms are accustomed to going through (such as financial statement audits). While the functional differences are obvious, one key difference that has a profound impact on the success and efficiency of the audit is widely...
Read MoreAbout Linford & Company
We are specialists in the performance of SSAE 16/SOC 1, SOC 2, and royalty audits across technical disciplines. We issue SSAE 16/SOC 1 and SOC 2 reports for a wide variety of service organizations that go to many of the largest user organizations in the world. We also perform royalty audits on some of the largest consumer brands in the world.
 |
Follow us on our blog where we provide information about our firm, insight on guidance relevant to our services. |
 |
Subscribe to our newsletter. |