Organizations seeking a SAS 70 audit are often surprised to learn that the SAS 70 audit has been replaced by the new SSAE 16 audit. Although similar in many respects, SSAE 16 offers additional levels and types of assurance previously unavailable (known as Service Organization Control (SOC) reports). As a result, many organizations are not only seeking guidance on which report type they need, but also an experienced provider to guide them through the process.
Freed Maxick provides SSAE 16 audits to service organizations of varying sizes in New York and across the United States. Regardless of location, service organizations can gain a competitive advantage by demonstrating a commitment to internal controls through an SSAE 16 audit. Whether you require a basic audit or have more complex reporting needs, the professionals at Freed Maxick stand ready to assist you.
We offer three types of SSAE 16 SOC Reports:
SOC1 Reports – This report is intended to meet the needs of the user’s management team and their auditors to evaluate the effectiveness of the internal controls of the service organization on the user’s financial statement assertions. These reports are very important for ensuring compliance with Sarbanes-Oxley requirements. (Note: this is similar to the report issued under the previous SAS 70 standard.)
SOC2 Reports – These reports meet the needs of several users that require an understanding of the internal controls at an organization as they relate to security, availability, processing integrity, confidentiality and privacy. This report type is intended for use by stakeholders (customers, regulators, business partners, and suppliers) that need to have an in-depth understanding of the organization and its internal controls structure.
SOC3 Reports – These reports meet the needs of users who need assurance on the controls at a service organization, but do not have the need for the deep level of information provided in a SOC2 report. Since SOC3 reports are general use, they can be freely distributed and even posted on your website along with a corresponding seal.
Which Report is Right for You?
Are your customers primarily concerned with the impact your services could have on their financial statements? If so, an SOC 1 audit is the best option. If your customers’ concerns are focused on the security and confidentiality of their data or the availability of the systems you provide, an SOC 2 audit is appropriate. Unsure which SOC report best fits your specific needs? Visit the Service Organization Control (SOC) Report Comparison page to identify the right report for your organization.