Comments for Linford & Company LLP

Comment on SAS 70 Out (Soon), SSAE 16 In by SSAE 16

SSAE 16 — Mon, 19 Apr 2010 03:35:37 +0000

Staying on top of the new standard and terminology can be difficult. I will be updating my blog regularly to include topics of interest and background information related to SSAE 16.

If you have any input feel free to add some comments on my site.

Comment on SAS 70 Audit Report Coverage Periods by Newel

Newel — Fri, 16 Apr 2010 04:18:22 +0000

True comments. Thank you for your posts.

Comment on SAS 70 Audit Report Coverage Periods by SSAE16

SSAE16 — Fri, 16 Apr 2010 04:07:21 +0000

Your organization should expect next year’s audit report to be an SSAE No.16 as opposed to a SAS70, with some more responsibilities for management!

Comment on SAS 70 Audit Report Coverage Periods by SSAE 16 Help

SSAE 16 Help — Fri, 16 Apr 2010 03:59:18 +0000

SSAE 16 will require some additional work on management’s behalf, if you are currently a service organization needing a sas 70 you should check with your auditing firm on this.

Comment on Service Organizations by Newel Linford

Newel Linford — Fri, 16 Apr 2010 03:40:40 +0000

Sure do. The AICPA have not posted the new SSAE 16 in the Attestation Standards section yet (I expect they will soon); however, they have posted the ASB meeting items which include a clean SSAE 16 at the following link:

http://www.aicpa.org/download/auditstd/20100111_Agenda_Materials/1A.pdf

Copy and paste that link into your address bar of your browser and it’ll take you right there.

Comment on Service Organizations by SSAE 16

SSAE 16 — Fri, 16 Apr 2010 02:26:24 +0000

Do you have info on ssae 16 yet?

Comment on Subservice Organizations and the Carve-out or Inclusive Method by Newel Linford

Newel Linford — Fri, 02 Apr 2010 16:20:42 +0000

1 – Correct. The service organization is not relieved of their responsibilities for monitoring the sub-service organizations. Especially sub-service organizations that perform moderate to extensive functions for the service organization. Monitoring in this scenario usually takes the form of monitoring service-level agreements or other relevant metrics and following up on deviations.

Comment on Subservice Organizations and the Carve-out or Inclusive Method by Kimberley Laris

Kimberley Laris — Fri, 02 Apr 2010 00:53:14 +0000

The #1 question is – does the services provider evaluate the adequacy of controls at sub-services providers? If that is not happening in any way, shape, or form, there are big monitoring concerns to address in the provider’s SAS 70. The client should not turn their SAS 70 auditor into their monitoring control; the auditor should not be the first to find out that there is a problem at a sub-services provider. Sub-services providers need to be monitored by the provider purchasing services when they sub-source services. It is the sub-services provider’s job to provide evidence of adequate controls – just like the services provider does for their customers by obtaining a SAS 70 for them.