Assurance Services Executive Committee and Task Forces
The Assurance Services Executive Committee (ASEC) addresses the needs of all AICPA members in evaluating the integrity and usefulness of information they produced by providing supporting assurance and advisory services to benefit clients, regulators and the public. ASEC continually strives to identify emerging risks, technologies, needs, and service opportunities.
ASEC and its related Task Forces create information guidance and whitepapers, for AICPA members, on various topics. Visit the Committee page or the individual Task Force pages for more information.
Federal Risk and Authorization Program
The Federal Risk and Authorization Management Program (FedRAMP) created a government-wide standardized approach for assessing, authorizing, and monitoring the security of systems providing cloud products and services to Federal agencies. Under this program, third party assessment organizations perform independent verifications of the security controls utilized by cloud service providers’ information systems. However, the reporting format prescribed by FedRAMP for third party assessments differs substantially from the format AICPA members currently use to report on controls at service organizations. The ASEC Trust Information Integrity Task Force formed a working group which has met with FedRAMP representatives on multiple occasions and has made significant progress in developing a reporting format that would comply with current AICPA reporting standards while also meeting the requirements of the FedRAMP program. A recent FedBizOpps notice announced, effective March 25, 2013, FedRAMP will stop accepting new application packages from organizations applying to become accredited Third Party Assessment Organizations and will not accept any resubmitted application packages from previous applicants in response to letters of non-conformity from the FedRAMP PMO. Any firms considering applying before March 25, 2013 should indicate in their application packages the report is subject to final approval between FedRAMP and the AICPA.