CIA of Infromation Security MobileIn April 2010, the AICPA published a new Attestation Standard, SSAE No. 16, which supersedes the existing guidance e.g. SAS 70 for performing an examination of a service organization's controls and processes. SAS 70 has been replaced by the new standard, SSAE 16, effective for reporting periods dated on or after June 15, 2011. Companies subject to the SSAE 16 include financial transaction processors, software vendors, third-party administrators, HR and benefits processors, and application service providers. Companies which are subject to compliance with Sarbanes-Oxley (SOX) and the Graham-Leach-Bliley Act (GLBA) and those with strong vendor management programs rely on these audit standards to understand the effectiveness of their service providers' internal controls.

Third party servicers can benefit by SSAE 16, as it can be used by a customer's financial statement auditor to determine reliance on controls in place at the service provider. SSAE 16 also provides existing customers with the operating effectiveness of the internal control environment. A strong internal control environment indicates to all potential customers that a company has a strong commitment to internal controls and transaction processing integrity. SSAE 16 also eliminates the need for many separate onsite audits by individual customers, as this satisfies a requirement by customers that an audit of internal controls be in place at their service provider.

At Turner and Associates, we have a strategic business alliance with several large CPA firms which allow us to offer this service at a preferred billable rate; which, results in deep discounted prices to our clients.