Service Organizations Publications 


    Whether you are an auditor of an entity that uses service organizations or an auditor issuing reports on the controls of service organizations, it is critical to understand the complexities of service organizations, including the functions they performed, the related controls, and their effects on an entity’s financial statements. AICPA publications provide information on recent developments, guidance, and practice aids to assist practitioners when working with service organizations, including
    • reporting under Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, which replaces the guidance for service auditors in SAS No. 70.
    • discussions on planning, performing, and reporting on a service auditor’s engagement.
    • SSAE No. 16 itself.
    • illustrative type 1 and type 2 reports.
    • management representation letters and control objectives for various types of service organizations.
    • understanding the kinds of information auditors of the financial statements of user entities need from a service auditor’s report.
    • matters to be considered and procedures to be performed by the service auditor in planning and performing the engagement to test (1) the fairness of the presentation of management’s description of the service organization’s system; (2) the suitability of the design and operating effectiveness of the controls included in the description; and (3) in a SOC 2 engagement that addresses the privacy principle whether the service organization complied with the commitments in its statement of privacy practices.
    • the service auditor’s responsibilities when reporting on a SOC 2 engagement.
    • cloud computing.

    Guide Service Organizations: Reporting on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting (SOC 1)

    Availability




    Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2SM)

    Availability


    Alert Service Organization Control Reports®: Considerations for User and Service Auditors

    Availability


    Practice Aid Using SOC 1SM Report in Audits of Employee Benefit Plans

    Availability

    Product Image


    AICPA Online Professional Library

    When you subscribe to any one of the many subscription options on AICPA Online Professional Library, you're not only getting access to the most up-to-date guidance and tools, you are also linked to all of the relevant and related literature, including the FASB and GASB libraries.

    Many publications and libraries may be of value to those interested in guidance related to service organizations:




    Copyright © 2006-2014 American Institute of CPAs.