Attestation


The AICPA issued Technical Practice Aids (TPAs) 9520.12–.26 to provide nonauthoritative guidance regarding Statement on Standards for Attestation Engagements (SSAE) no. 16, Reporting on Controls at a Service Organization (AICPA, Professional Standards, AT sec. 801).
 
The TPAs provide guidance for service auditors reporting on controls at a service organization relevant to user entities’ internal control over financial reporting (ICFR), and also to user auditors who audit the financial statements of entities that use a service organization. SSAE no. 16 supersedes the guidance for service auditors that is in Statement on Auditing Standards no. 70, Service Organizations (AICPA, Professional Standards, AU sec. 324). The guidance for user auditors will remain in the auditing standards.
 
The TPAs cover topics including the effect of moving the guidance for service auditors from the auditing standards to the attestation standards, the changes introduced by SSAE no. 16, the content of management’s assertion, determining whether an outside CPA firm that performs significant accounting and financial reporting processes and controls for a user entity is a service organization, and reporting on a service auditor’s engagement under both SSAE no. 16 and International Standard on Assurance Engagements 3402, Assurance Reports on Controls at a Service Organization.
 
In addition, TIS section 9530, Service Organization Controls (SOC) Reports, in AICPA Technical Practice Aids was issued to include TPAs 9530.01–.22 to provide nonauthoritative guidance on reporting on controls at a service organization relevant to subject matter other than user entities’ ICFR, specifically controls at a service organization relevant to the security, availability or processing integrity of a system or the confidentiality or privacy of the information the system processes. This engagement uses the Trust Services criteria to evaluate the attributes of a system. These TPAs provide information about and differentiate the three SOC engagements included in the SOC report series (SOC 1 for SSAE no. 16 engagements, and SOC 2 and SOC 3 for reporting on controls over the attributes of a system using the Trust Services criteria).

The TPAs provide information about the source of the guidance for performing and reporting on these engagements, and the authority of the new SOC 1 and SOC 2 guides. The section also includes a table that (1) identifies a variety of attestation engagements that involve reporting on controls and (2) the appropriate attestation standard or interpretive guidance to be used in the circumstances.

Recently issued TPAs are available at tinyurl.com/3so64k8.

More from the JofA:

 Find us on Facebook  |   Follow us on Twitter  |   View JofA videos

SPONSORED REPORT

Revenue recognition: A complex effort

Implementing the new standard requires careful judgment. Learn how to make significant accounting judgments and document them and collaborate with peers for consistent application.

VIDEO

How to Excel pivot a general ledger

The general ledger is a vast historical data archive of your company's financial activities, including revenue, expenses, adjustments, and account balances. J. Carlton Collins, CPA, shows how to prepare data for, and mine data with, PivotTables.

QUIZ

News quiz: Taking an economic snapshot and looking to the future

Recent news included IRS actions that affect individuals and partnerships and a possibly influential move by a Big Four accounting firm.Take this short quiz to see how much you know about the news.