SSAE no. 16 applies when data resulting from an outsourcing relationship is incorporated in the outsourcer’s financial statements. An entity that performs a specialized task or function for other entities is known as a service organization, and an entity that outsources the task or function to a service organization is known as a user entity.
Prior to the issuance of SSAE no. 16, the guidance for service auditors reporting on controls at a service organization was contained in Statement on Auditing Standards no. 70, Service Organizations (AICPA, Professional Standards, vol. 1, AU section 324), as amended.
The FAQ document is available at tinyurl.com/36mxc23.
Also, resulting from its clarity project, the ASB has issued Clarified Statement on Auditing Standards, Audit Considerations Relating to an Entity Using a Service Organization. This SAS supersedes SAS no. 70, Service Organizations (AICPA, Professional Standards, vol. 1, AU section 324), and addresses the user auditor’s responsibility for obtaining sufficient appropriate audit evidence in an audit of the financial statements of an entity that uses one or more service organizations.
The SAS is available at tinyurl.com/2ewhq7e.
Also from its clarity project, the ASB issued Clarified Statement on Auditing Standards, Consideration of Laws and Regulations in an Audit of Financial Statements, which supersedes AU section 317, Illegal Acts by Clients, in AICPA Professional Standards and addresses the auditor’s responsibility to consider laws and regulations in an audit of financial statements.
The AICPA’s Audit and Attest Standards Team issued Technical Practice Aid (TPA) 9500.27, “The Accountant’s Reporting Responsibility With Respect to Subsequent Discovery of Facts Existing at the Date of the Report.” The TPA clarifies the meaning of the phrase “where applicable” in paragraph .79a of AR section 100, Compilation and Review of Financial Statements, in AICPA Professional Standards.
More from the JofA: