What is the smallest sized company that has to conform to the new AICPA SSAE16 standards?

This question was asked by an attendee at a recent Proformative SAS 70/SSAE 16 event: What is the smallest sized company that has to conform to the new AICPA SSAE16 standards?

Answers

Sam Wholley's Profile

Size doesn't matter here - what matters is the relevance of the service organization to the user's operating environment and, for SSAE 16, to the user's financial statements. If a very small company has a material impact on many other small companies' environment, the SSAE 16 is an applicable report. If the company would like to grow, mid-sized and larger companies will look to make sure that their existing control environments will not be weakened by integrating the service provider into their organization's processes.

Jon Long's Profile

One person... because the AICPA SSAE 16 standard applies to CPAs, not service organizations. Was that a trick question?

Scott MacDonald's Profile

In my view, the SSAE 16 report (used to be SAS70) is primarily an auditor-to-auditor communication. It is used by the "user" organization to determine the amount of audit work that needs to be conducted on the "supplier" system/service, if any.
