Sarbanes Oxley News, October 2011 [NOOK Book]

Overview

For many years (since April 1992) , third-party service organizations need a Statement on Auditing Standards (SAS) No. 70 in order to provide evidence that they have effective internal controls.

It is time to do more: To consider the Statement on Standards for Attestation Engagements (SSAE) No. 16.

In ...
See more details below
Sarbanes Oxley News, October 2011

Available on NOOK devices and apps  
  • NOOK Devices
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK Study
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$0.99
BN.com price

Overview

For many years (since April 1992) , third-party service organizations need a Statement on Auditing Standards (SAS) No. 70 in order to provide evidence that they have effective internal controls.

It is time to do more: To consider the Statement on Standards for Attestation Engagements (SSAE) No. 16.

In April 2010, the American Institute of Certified Public Accountants (AICPA) published the new Standard, SSAE No. 16, which supersedes the SAS 70 for performing an examination of a service organization's controls and processes.

In fact the AICPA has launched a new resource dedicated to Service Organization Control (SOC) Reporting including the new SSAE 16 standard

In SSAE No. 16, the entity that outsources a task or function is known as a user entity, and the entity that performs a service for user entities is known as a service organization.

An example of a service organization is an investment adviser that invests assets for user entities, maintains the accountability for those assets, and provides statements to user entities that contain information that is incorporated in the user entities’ financial statements, for example, the fair value of exchange traded securities, or dividend and interest income.

Another example of a service organization is a data center that provides applications and technology that enable user entities to process financial transactions.

In SSAE No. 16, an auditor who audits the financial statements of a user entity is known as a user auditor.

In auditing a user entity’s financial statements, the user auditor needs to obtain evidence to support assertions in the user entity’s financial statements that are affected by information provided by the service organization.

In some cases, the user entity is able to implement controls at the user entity over the service performed by the service organization.

In other cases, the user entity relies on the service organization to initiate, execute, and record the transactions.

In the latter case it may be necessary for a user auditor to obtain information about the effectiveness of controls at the service organization that affect the quality of the information provided to user entities.

The user auditor could visit the service organization and test the service organization’s controls that are relevant to the user entity’s internal control over financial reporting .

However, because many entities use the service organization, a number of user auditors may visit the service organization, require the assistance of service organization personnel, and disrupt the business of the service organization.

Another alternative is for the service organization to:

(1) Prepare a description of the service organization’s system, including the control objectives and related controls that are likely to be relevant to user entities’ internal control over financial reporting, and

(2) Engage a service auditor to report on the fairness of the presentation of the description, the suitability of the design of the controls, and in certain engagements, the operating effectiveness of the controls.

That report, including the description of the system, can be used by all the user auditors to obtain information about the controls at the service organization that are relevant to the user entities’ internal control over financial reporting.

Two Types of Engagements

SSAE No. 16 contains the requirements and guidance for a service auditor reporting on a service organization’s controls. It enables a service auditor to perform two types of engagements:

A type 2 engagement in which the service auditor reports on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

A type 1 engagement in which the service auditor reports on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Changes Introduced by SSAE No. 16

The following are some changes in the requirements for a service auditor’s engagement introduced by SSAE No. 16:

1. The service auditor is required to obtain a written assertion from management of the service organization about the subject matter of the engagement. For example, for a type 2 engagement, the service auditor would obtain a written assertion by management about whether in all material respects.
Read More Show Less

Product Details

  • BN ID: 2940013254770
  • Publisher: Compliance LLC
  • Publication date: 10/2/2011
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 22
  • File size: 94 KB

Meet the Author

George Lekatis is the General Manager and Chief Compliance Consultant of Compliance LLC, a leading provider of risk and compliance training and executive coaching in 36 countries.

George has more than 17,000 hours experience as a professional speaker and seminar leader. He has worked for more than 15 years as a management consultant and educator and has demonstrated exceptional presentation and communication skills.

George is the president of the Basel ii Compliance Professionals Association (BCPA, www.basel-ii-association.com), the largest association of Basel ii professionals in the world, and the Basel iii Compliance Professionals Association (BiiiCPA, www.basel-iii-association.com), the largest association of Basel iii professionals in the world.

George is also president of the Sarbanes Oxley Compliance Professionals Association (SOXCPA, www.sarbanes-oxley-association.com), the largest Association of Sarbanes Oxley professionals in the world

George is an expert witness, qualified to investigate and testify about risk and compliance management standards, policies, procedures, best practices, due care and due diligence.
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)