Assurance and Advisory Services

Assurance and Advisory 

Accounting & Financial Reporting
Industry Insights
Audit & Attest
Review, Compilation & Preparation
Assurance & Advisory

 

CPAs are constantly challenged to stay relevant and competitive. Services provided by CPAs on subject matter other than historical financial statements add significant value in the marketplace. The information and resources here will help you keep abreast of new and emerging reporting and assurance needs and will provide you with the needed measurement criteria, guidance, tools, education and other support to help you embrace new service opportunities.





System and Organization Controls (SOC) XBRL Assurance Audit Data Analytics
Guidance on SOC Suite of Services.
Guidance on the assurance of XBRL-related documents. Guidance and tools to help facilitate the use of audit data analytics.


Assurance Services Executive Committee and Task Forces

The Assurance Services Executive Committee (ASEC) addresses the needs of members by continually anticipating, identifying, assessing, and addressing evolving market needs and demand for assurance and advisory solutions.

ASEC and its related Task Forces create thought leadership, guidance and criteria, tools, and other member support on various topics. Visit the Committee page or the individual Task Force pages for more information.

 



Trust Services and Information Integrity

The Trust Services Criteria (TSC) are control criteria for use in attestation or consulting engagements to evaluate and report on controls over the security, availability, processing integrity, confidentiality, or privacy over information and systems (a) across an entire entity; (b) at a subsidiary, division, or operating unit level; (c) within a function relevant to the entity's operational, reporting, or compliance objectives; or (d) for a particular type of information used by the entity.

ASEC Trust Information Integrity Task Force is responsible for the Trust Service Criteria (TSC), including the technical accuracy, expanding its scope for entity-wide engagements, and developing related services that leverage the TSC.  
Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (control criteria), are intended for use by CPAs to  provide advisory or attestation services to evaluate the controls within an entity’s cyber risk management program (SOC for Cybersecurity), or for SOC 2® and SOC 3® engagements. Management also may use the trust services criteria to evaluate the suitability of design and operating effectiveness of controls.
 


Exposure Draft - Proposed Revision of Description Criteria for a Description of a Service Organization's System in a SOC 2(R) Report - Comments due September 7, 2017

Other Initiatives


Reporting on a PMA or an EPA for Electronically Prescribing Controlled Substances

The AICPA has developed illustrative reports to assist CPAs in reporting on whether a pharmacy management application (PMA) or an electronic prescription application (EPA) used for electronically prescribing controlled substances meets the criteria established by the U.S. Drug Enforcement Administration and whether an entity’s controls over the processing integrity and security of the PMA or EPA were operating effectively during the period covered by the report to meet the criteria for processing integrity and security included in TSP section 100.


Additional Resources
 
Other resources that may be of interest to AICPA members:

 

Copyright © 2006-2017 American Institute of CPAs.