Assurance and Advisory Services

    Trust Services and Information Integrity 

    The ASEC Trust Information Integrity Task Force is focused on updating and maintaining the Trust Services Principles and Criteria (TSPC) and creating a framework of principles and criteria to provide assurance on the integrity of information.

    Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs. The following principles and related criteria are used by practitioners in the performance of Trust Services engagements:

    • Security. The system is protected against unauthorized access (both physical and logical).
    • Availability. The system is available for operation and use as committed or agreed.
    • Processing integrity. System processing is complete, accurate, timely, and authorized.
    • Confidentiality. Information designated as confidential is protected as committed or agreed.
    • Privacy. Personal information is collected, used, retained, disclosed  and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA.

    The TSPC of security, availability and processing integrity are used to evaluate whether a system is reliable. The TSPC can be found in the AICPA Technical Practice Aids Volume 1.
    The task force has issued an exposure draft, dated  July 30, 2013,  of the Trust Services Principles and Criteria for public comment.  The TSPC for security, availability, processing integrity, and confidentiality  are being revised to increase the clarity of the criteria, eliminate redundancy amongst the criteria, and update the criteria based on the changing technology and business environment. The criteria related to the privacy principle are being revised separately and are not included in the exposure draft. The comment period ends on September 30, 2013.

    SysTrust and WebTrust are two specific branded assurance services offerings that are based on the TSPC.  Practitioners must be licensed by the Canadian Institute of Chartered Accountants (CICA) to use these registered service marks.  For more information on licensure see or contact Bryan Walker at

    The Task Force has developed the SOC 2 Guide, Reporting on Controls at a Service Organization Relevant to the Security, Availability Processing Integrity, Confidentiality or Privacy of User Entities Information- An Application of the Trust Services Principles and Criteria.  Learn more about Service Organization Control (SOC) reporting.

    In conjunction with the with the Canadian Institute of Chartered Accountants the task force recently issued  a white paper on Information Integrity.  The purpose of the paper is to define what information integrity means and provide context for it for users and preparers of information and providers of assurance on such information.  The white paper focuses on what it means for information to have integrity and how information integrity can be achieved and maintained.

    Technical Practice Aids

    Contains all outstanding AICPA Statements of Position, Practice Bulletins and Practice Alerts.

    Open Hide documents in this section

    Page  1 2 3 4
    Showing results 1 - 15 of 54
    Order by:

    Sustainability Assurance and Advisory Task Force

    Overview This page discusses initiatives by the Sustainability Assurance and Advisory Task Force.
    Published on September 15, 2014

    Continuous Assurance Working Group

    Article The Assurance Services Executive Committee (ASEC) Emerging Assurance Technologies Task Force is responsible for developing a conceptual framework and guidance to capitalize on emerging technologies affecting the business information supply chain, covering both internal and external reporting.
    Published on September 04, 2014

    Re-imagining Auditing in a Wired World

    White Paper The intent of this white paper is to offer insight into what the future reporting and auditing systems might resemble and how technology could be used to transform auditing.
    Published on August 13, 2014

    Service Organization Control (SOC) Reports

    Overview Service Organization Control  Reports® are internal control reports on the services provided by a service organization. SOC reports provide valuable information users need to assess and address the risks associated with an outsourced service. The AICPA provides tools and resources to CPAs, service organizations and user entities needed to build
    Published on August 08, 2014

    SOC Reports Information for CPAs

    Overview The AICPA has introduced SERVICE ORGANIZATION CONTROL REPORTSSM and identified 3 different engagements (SOC 1, SOC 2 and SOC 3) that involve reporting on controls at a service organization.
    Published on August 08, 2014

    Assurance Services Executive Committee

    Article About the Committee The Assurance Services Executive Committee's (ASEC) mission is to assure the quality, relevance, and usefulness of information or it
    Published on April 30, 2014

    Illustrative Type 2 SOC 2 SM Report with the Criteria in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CC...

    Sample Report The AICPA has developed an illustrative Type 2 SOC 2SM report to assist CPAs in reporting on the suitability of the design and operating effectiveness of a service organization’s controls relevant to security and availability based on the criteria for security and availability in TSP Section 100A, Trust Services Principles,
    Published on April 08, 2014

    Assurance and Advisory Services

    Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
    Published on April 01, 2014

    Trust Services Criteria Mapping 2009 to 2014.pdf

    Article This document outlines the mapping from the 2009 Trust Services Principle and Criteria to the newly revised 2014 edition.
    Published on March 18, 2014

    Audit Data Standard Working Group

    Article ASEC’s Emerging Assurance Technologies Task Force established the Audit Data Standard working group. The first three Audit Data Standards have been released: base standard, general ledger standard, and accounts receivable subledger standard.
    Published on February 18, 2014

    SOC 3

    Article Trust Services Report for Service Organizations SOC 3sm reports are designed to meet the needs of uses who want assurance on the controls at a service organization related to security, availability, processing integrity, confidentiality, or priva
    Published on January 06, 2014

    SOC 2

    Article A collection of reports to help users understand controls at service organizations as it relates to security, availability, processing integrity, confidentiality and privacy.
    Published on January 06, 2014

    Users and User Entities

    Article Many companies function more efficiently and profitably by outsourcing tasks or entire functions to service organizations that have the personnel, expertise, equipment, or technology to accomplish these tasks or functions. Examples of  such services
    Published on January 03, 2014

    BRAAS Team Project Timetable as of December 2013

    News Keep up with the Business Reporting, Assurance and Advisory Services team with this calendar of projects and initiatives.
    Published on December 09, 2013

    Accounting for the Sustainability Cycle

    White Paper Global interest in sustainability continues to evolve at a rapid pace on a very broad scope, including shifts to integrated reporting and assurance on sustainability reports. This proliferation has occurred largely without adequate representation from the accounting profession in the United States. Accordingly, this paper encourages accountants to
    Published on October 23, 2013

    Page  1 2 3 4
    Showing results 1 – 15 of 54
    Show Results per page
    Copyright © 2006-2014 American Institute of CPAs.