Palmer, Robert
ISSC471
Professor Davis
The SAS 70 standard was replaced by a new standard in June of 2011. Please research the new standard published by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). For week two assignment you are required to research the following: (1) Describe the SAS70 standard (2) Describe the SSAE16 standard (3) Compare and contrast SAS70 with SSAE16
SSAE 16 officially replaced SAS 70 as the audit standard for service companies. The change was needed for several reasons, but perhaps most important was to bring the SAS 70 audit standard more in line with Sarbanes-Oxley (SOX). SSAE 16, like SOX, requires the service provider to define their overall business and control processes, plus their assertion of effectiveness prior to a service audit. Then, the service auditors test and assess management’s statements and render an opinion as to their effectiveness. This process is similar to what publically traded companies must endure during their SOX audits: …show more content…
SSAE 16, just like SAS 70, does not outline the controls that must be covered in the assessment of IT controls. It is for the service provider to decide which controls are essential to the services being provided. And, the service auditor still issues a Type I or Type II report. Both report types rely on management’s description of controls, and the scope of each report is similar to that under SAS