Why the Change from SSAE 16 to SSAE 18?
Convergence with international standards is driving this change. There have been changes on the International Statement on Attestation Engagements (ISAE) side, and in the U.S, the Auditor Standards Board (ASB), desires to converge its standards with the international community’s changes. The corresponding standard to SSAE 18, which is a U.S. only standard, relates to the new ISAE 3000.
In the full webinar, you will also see that the AICPA is striving to simplify the different AT sections into one source, which will be known as SSAE 18. Many of the older sections will be reorganized into SSAE 18.
What are the changes in the new standard?
There will be a stronger focus on risk assessment as a response to the magnitude of data breaches and the increase of risk. As more organizations outsource and use vendors, those organizations are taking more risks because they’re taking on the risks of their vendors. There is new language and focus on the responsibility of management. An auditor’s risk assessment must include:
- An evaluation of the risk of material misstatement and ask if management identified the risks that threaten the achievement of the control objectives stated in management’s description
- An understanding of management’s process for identifying and evaluating the risks that threaten the achievement of the control objectives and assessing the completeness and accuracy of management’s identification of those risks
- An evaluation of the linkage of the controls identified in management’s description of the service organization’s system with those risks and determine that the controls have been implemented
How can KirkpatrickPrice help you make the shift?
Our resources on risk assessments and vendor compliance management can help you prepare your organization. Hire our specialized resources to facilitate a risk assessment with you and your team and perform site visits with your critical vendors, access our webinar recordings for topics dealing with risk assessment and vendor compliance management, access our tools and templates to help you with documenting your own risk assessment, and use the Online Audit Manager to ask questions of your vendors. Contact us today to learn more.
Download the full webinar to learn more details, see examples, and listen to the Q&A portion.