Assurance and Advisory Services

    Assurance and Advisory Services 



    Image Map

    CPAs are constantly challenged to stay relevant and competitive. Services provided by CPAs on subject matter other than historical financial statements add significant value in the marketplace. The information and resources here will help you keep abreast of new and emerging reporting and assurance needs and will provide you with the needed measurement criteria, guidance, tools, education and other support to help you embrace new service opportunities.





    Service Organization Controls XBRL Assurance Risk Assurance and Advisory Services
    Guidance on Service Organization Control Reports.

    Guidance on the assurance of XBRL-related documents.
     

    Guidance on the assurance of enterprise risk management processes.


    Assurance Services Executive Committee and Task Forces

    The Assurance Services Executive Committee (ASEC) addresses the needs of all AICPA members in evaluating the integrity and usefulness of information they produced  by providing supporting assurance and advisory services to benefit clients, regulators and the public.  ASEC continually strives to identify emerging risks, technologies, needs, and service opportunities.

    ASEC and its related Task Forces create information guidance and whitepapers, for AICPA members, on various topics. Visit the Committee page or the individual Task Force pages for more information.

     



    Trust Services and Information Integrity

    Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs.

    ASEC Trust Information Integrity Task Force is responsible for the Trust Service Principles and criteria (TSPC), including the technical accuracy, expanding its scope for information integrity and developing related services that leverage the TSPC.
    The AICPA has released the Trust Services Principals, Criteria and Illustrations resource. This resource presents measurement criteria for use when providing attestation or consulting services to evaluate controls relevant to the security, availability, and processing integrity of a system, and the confidentiality and privacy of the information processed by the system.

    The guidance was established by the Assurance Services Executive Committee (ASEC) of the AICPA, and is necessary when performing Service Organization Control, SOCSM 2 and SOCSM 3 engagements.

    This edition improves clarity and eliminates redundancy, and updates the criteria based on the changing technology and business environment.

    Other Initiatives


    Reporting on a PMA or an EPA for Electronically Prescribing Controlled Substances

    The AICPA has developed illustrative reports to assist CPAs in reporting on whether a pharmacy management application (PMA) or an electronic prescription application (EPA) used for electronically prescribing controlled substances meets the criteria established by the U.S. Drug Enforcement Administration and whether an entity’s controls over the processing integrity and security of the PMA or EPA were operating effectively during the period covered by the report to meet the criteria for processing integrity and security included in TSP section 100.

     

       
       

    Federal Risk and Authorization Program

    The Federal Risk and Authorization Management Program (FedRAMP) created a government-wide standardized approach for assessing, authorizing, and monitoring the security of systems providing cloud products and services to Federal agencies. Under this program, third party assessment organizations perform independent verifications of the security controls utilized by cloud service providers’ information systems. However, the reporting format prescribed by FedRAMP for third party assessments differs substantially from the format AICPA members currently use to report on controls at service organizations. The ASEC Trust Information Integrity Task Force formed a working group which has met with FedRAMP representatives on multiple occasions and has made significant progress in developing a reporting format that would comply with current AICPA reporting standards while also meeting the requirements of the FedRAMP program. A recent FedBizOpps notice announced, effective March 25, 2013, FedRAMP will stop accepting new application packages from organizations applying to become accredited Third Party Assessment Organizations and will not accept any resubmitted application packages from previous applicants in response to letters of non-conformity from the FedRAMP PMO. Any firms considering applying before March 25, 2013 should indicate in their application packages the report is subject to final approval between FedRAMP and the AICPA.


    Additional Resources
     
    Other resources that may be of interest to AICPA members:

    NewsNews

    TrainingTraining & Development

    Copyright © 2006-2014 American Institute of CPAs.