Testing Exceptions

Posted by on Jan 5, 2011 in Blog | 0 comments

What are testing exceptions and what is their role in the SAS 70/SSAE 16 audit? Testing exceptions are simply deviations from the expected result from testing one or more control activities. Consider the following example: Control Objective: Controls provide reasonable assurance that statement processing is appropriately scheduled and that deviations in processing are identified and...

Read More

Your Data Center’s SAS 70/SSAE 16 Report is Not Enough

Posted by on Nov 8, 2010 in Blog | 0 comments

Recently, my business partner and I attended a national accounting industry conference with quite a few Software-as-a-Service (SaaS) providers exhibiting their services. For curiosity’s sake and since we are always looking for good clients, we asked them if they had a SAS 70 or SSAE 16 report. The initial answers were straight forward enough though after more questioning the answers were...

Read More

SAS 70/SSAE 16 vs FISAP vs ISO 27002

Posted by on Oct 16, 2010 in Blog | 0 comments

Frequently there is a discussion from service organizations regarding which of these an organization should complete.  Many service organizations get a significant amount of requests related to information technology controls and security. The requests come in different forms, whether it be for SAS 70 reports (changing to SSAE 16 reports after June 15, 2011), completed questionnaires, and...

Read More

SAS 70 Out (Soon), SSAE 16 In

Posted by on Apr 15, 2010 in Blog | 2 comments

Did you know SAS 70 Standard is Changing? In an effort to clarify standards and converge with international standards, changes to SAS 70 requirements have been  made by the AICPA. The new standard is Statements on Standards for Attestation Engagements (SSAE) 16 or SSAE 16. These changes, which affect the service organization and the service auditors completing the SSAE 16 engagement, will be...

Read More