SSAE 16 Preparation Tips


This tip is focused on designing controls that reflect the process being testing, if they don’t, a headache of massive proportions will be created once testing begins.

What do you do to make sure you don’t screw this up? Have as many meetings as it takes to get it right.

What you need to do is sit down with the auditors, the department lead, the main employees responsible for performing the process, and anyone else whom could either play a role in testing or modifying the control in the future. Once that is done, Management should discuss what they determined the control to be and how it should operate, that is then reviewed by the auditors, and then the employees performing the tasks should be reconsulted to verify that the control still reflects their process accurately.

Many times people try to speed this process up and half-ass it, leaving many open items which upon testing could easily blow up into a huge problem. When the control isn’t 100% agreed upon prior to testing and a deviation is noted, it’s a tough call between failing the control and the ability to adjust it to accurately reflect the process. The problem is modifying a control after testing has begun is not proper and needs to be avoided at all costs.

Locking the controls locked down early on could save weeks in wrapping up your new SSAE 16 Report.

We have seen issues like this cause delays in issuing of the report to the client and running additional fees, since adjusting controls isn’t free. Coming from the perspective of the auditor, we can let you know the pitfalls, consequences and how to best navigate the audit process. If you have any comments or questions please leave them below!

19 comments

  1. I would recommend an audit from the ground-up requirements of SSAE 16 if our current system and technical resources meets its standards on not only the minimal operations needed, but we must aim for the optimal working conditions.

  2. Magnificent post.That is a very nice blog.This time, we got the following prepare to mail crossword puzzle clue.Mordo flinch puzzles solutions search the definition and like all the realizable answers mordo flinch data got to pass freely.Thank you.

  3. I Just Google this blog and find the information and tips on the ssae 16 audit very helpful. Keep up the great work, its hard to find good ones. I have added to my favorites.

    Also Check updates of – Sochi 2014 Olympics Schedule | 2014 Winter OlympicsMedals

  4. Thanks for sharing this post… These tips are really useful and I feel good to comment on this amazing blog. Thank You.

    Wish You all a very Happy Valentines Day 2014 in advance..

  5. The problem is modifying a control after testing has begun is not proper and needs to be avoided at all costs.

  6. When the control isn’t 100% agreed upon prior to testing and a deviation is noted, it’s a tough call between failing the control and the ability to adjust it to accurately reflect the process http://www.bestgarbagedisposalhq.com/

  7. It is really very helpful post. I learn from your content big time.Thanks for that.

    Also Check – Shivratri 2014 Date

  8. Thanks for sharing your knowledge friend, really enjoying your blog posts

    You should also check most famous Mardi Gras Quotes

  9. Wants to remind you that everything is funny as long as it’s Not Happening To You. Please Don’t Make others FOOL ON April Fool Day.

  10. It is always a joy to find such sites with so much useful information, and to hear so many different opinions. I love reading articles of such magnitude. Thank you Health Benefits

  11. The problem is modifying a control after testing has begun is not proper and needs to be avoided at all costs.

  12. I love this Information and tips on the ssae 16 audit very helpful.

    Must Check Good Friday Cross with Jesus Christ Pictures

  13. C'est un très bon poste. J'aime beaucoup cela.

  14. Many entities outsource tasks or entire functions to service organizations that operate, collect, process, transmit, store, organize, maintain and dispose of information for user entities.

  15. It had been questioning only can use this kind of write-up about my own additional website.
    UCRECORDINGS.ORG