In: Operations Management
Summarize the purpose, approach, goals, and scope of SSAE 18.
Statement on Standards for Attestation Engagements is an auditing standard for service organizations and SSAE 18 came after SSAE 16. In April 2016, American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued SSAE 18. This is valid for report dates of May 1 2017 and after.
Now, what are this attestation standards? They establish requirements and provide application guidance to auditors for performing and reporting on examination, review, and agreed-upon procedures engagements, including Service Organization Controls (SOC) attestations. SSAE 18 completely replaces SSAE 16 and many other SSAEs into a combined standard.
There are changes in SSAE 18 that affects the fashion in service organizations deal with sub-service organizations. Under this a service organization should
Identify all sub-service organizations
Include description of sub-service organization controls that the service organization relies on to provide the primary services to its customers.
SSAE 18 requires that
Monitoring controls could include one or any combination of the following: