SSAE 18 introduces the concept of complementary subservice organization controls (CSOCs), which represent controls that management of the service organization expects will be implemented by the subservice organizations and are necessary to achieve the control objectives stated in management's description of the system when the carve-out method of reporting has been used.
SSAE 18 control objectives.
Well, the authoritative source for a SOC 1 audit is the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements Number 18 (SSAE 18).
What is SSAE 18?
It is also intended to reduce instances of duplication within similar standards that cover examinations, reviews, and agreed-upon procedure engagements.
Changes for service organizations themselves (revision; what service organizations need to do differently): CSOCs. A complementary subservice organization control (CSOC) is a control that management assumes will be implemented by their subservice organization.
Specifically, a SOC 1 SSAE 18 scoping and readiness assessment helps identify what business processes are to be included, including ICFR issues, along with evaluating internal control processes and procedures, documentation deficiencies, technical security control weaknesses, and more.
A clearer view of attestation standards for service organizations 1.
The SSAE 18 guidance primarily clarifies existing auditing standards.
18 requires the consideration of complementary subservice organization controls, which are the controls for portions of the service organization's systems that are outsourced to other service organizations.
1 reporting under section 112 of the federal deposit insurance corporation.
Under the SSAE 18 standard, complementary user entity controls are now defined as those controls that are only necessary to achieve control objectives stated in management's description.
Moving to SSAE 18.
The AICPA's control objective definition provided in SSAE 18 is the aim or purpose of specified controls at the service organization.