There is a new auditing standard that
has been implemented, named SSAE 18, replacing previously in use standards like
SSAE 16 and SAS 70. Of course, there can be major challenge for companies to
integrate the new system in their routine work environment.
SSAE stands for Statement on
Standards for Attestation Engagements, developed by The American Institute of
Certified Public Accountants (AICPA) and the Auditing Standards Board (ASB).
According to AICPA Service Organization Control (SOC) reports are internal
control reports regarding the services provided by a service organization,
involving valuable information that users need to assess while addressing the
risks associated with an outsourced service.
The above theory clarifies that SSAE
is used to regulate how companies conduct their respective businesses and specifies
how companies report on compliance controls. These reports are of SOC 1, SOC 2,
and SOC 3.
Qadit, being a reliable provider of
IT security solutions provides SSAE 18Audit in India that involves one of the most effective ways of
communicating information that service organizations do about its controls to
user entities through Service Auditor’s Report. There are two types of Service
Auditor’s Reports:
1.
Type 1 and Type 2: SOC 1: These reports are furnished by the
service organizations, related to the activities and procedure undertaken that
have the potential to directly impact a client’s financials.
2.
Soc-2: This report evaluates the business information system
relating to security, availability, processing integrity, confidentiality, and
privacy.
3.
Soc-3: These reports can be used for
public distribution for example display on website etc.
No comments:
Post a Comment