SSAE 16 Engagements (Formerly SAS 70)
Many service organizations depend on the integrity of their control environment to serve and protect their customers and their business. Such services have been provided to clients in a number of industries, including for application service providers, managed services companies, co-location facilities, network service bureaus, financial institutions, data processing centers, bank trust departments, credit unions, collections agencies, benefit plan administrators, third party administrators, investment managers, hedge fund accounting services, payroll service bureaus, lockbox operations, and document solution providers.
Moss Adams provides high-quality verification of these control environments through SSAE 16 examinations. Engagements of this nature report on the effectiveness of the controls and safeguards in place, providing you with feedback that’s both independent and actionable. Our approach to staffing these audits is to combine industry-focused and seasoned auditors with operational and IT auditors capable of addressing your unique control environment requirements.
Related to our SSAE 16 service portfolio, we have extensive experience that includes:
-
SSAE 16 pre-audit gap analysis and readiness assessments
-
Coordination among management, user entities, and auditors
-
Coaching and review of client-prepared control objectives and narratives
-
Independent assistance to document client-defined control objectives and narratives
-
Transition management from SAS 70 to SSAE 16
-
SOC 1, SOC2 and SOC 3 examinations (both Type 1 and 2 audits)
Note that SAS 70 has now been superseded by SSAE 16 and ISAE 3042. These two new standards are relatively equivalent to SAS 70, though there are changes which impact examinations with periods ending on or after June 15, 2011. We are well-versed in the similarities and changes associated with SSAE 16 and are available to provide free consultation to guide you through the transition.