In April 2016, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued the Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification, to supersede the former standard SSAE 16.
This course will help you if your organization has the need to obtain or provide a SOC (Service Organization Control) report or if you wonder what changes the new SSAE 18 standard will bring to the process. SSAE 18 is effective for SOC report opinions dated on or after May 1, 2017 and early adoption is permitted. This course focuses on the specific requirements of SSAE18 and highlights changes from SSAE16.
In today’s economic environment, many companies utilize outsourced services to perform varied functions. These functions can span from payroll and accounts payable to information technology processes or even call center functions. The list can be endless however these services are often a critical component to the internal control environment of the organization.
A service organization should implement a robust third party vendor management policy, if one is not already in place. Often, initial vetting occurs of the subservice organization however that same diligence is not maintained as the service continues. It is just as important to ensure that subservice organizations are monitored on an ongoing basis using the methods outlined in SSAE 18.
Prerequisites
No advanced preparation or prerequisites are required for this course. It may be helpful to view the course Service Organization Control Reports under SSAE18 prior to taking this course.
Learning Objective
- Explore the requirements of Statement on Standards for Attestation Engagements (SSAE) No. 16.
- Explore the impetus of SSAE 18.
- Discover the meaning of subservice organizations.
- Recognize specific changes related to monitoring controls at sub-service organizations.
- Discover the concept of a more detailed risk assessment for subservice organizations.
- Discover the concept and requirements of complementary controls.
- Explore the modification to assertion criteria and written assertion.
- Explore the need for evidence provided by service organizations.
Last updated/reviewed: March 21, 2024
104 Reviews
Lesson Questions and Answers0 Questions
-
INTRODUCTION AND OVERVIEW
- Introduction to Understanding the Requirements of SSAE18 3:20
-
The Requirements of SSAE18
- SSAE 18 Intent 5:29
- Impact of Change 6:47
- Subservice Organization 2:41
- Modifications of SSAE 18 5:06
- Monitoring 2:46
- Risk Assessment 4:06
- Complimentary Controls 3:44
- Evidence 3:19
-
CONCLUSION
- Results 6:14
-
CONTINUOUS PLAY
- Understanding the Requirements of SSAE18 43:32
-
SUPPORTING MATERIALS
- Slides: Understanding the Requirements of SSAE18 PDF
- Understanding the Requirements of SSAE18 Glossary/Index PDF
-
REVIEW AND TEST
- REVIEW QUESTIONS quiz
- FINAL EXAM exam
Ask the instructor a question about this lesson