Skip to main content
close search
site logo
Anonymous's headshot
Anonymous Agent

What is the smallest sized company that has to conform to the new AICPA SSAE16 standards?

Asked on May 9, 2013

This question was asked by an attendee at a recent Proformative SAS 70/SSAE 16 event: What is the smallest sized company that has to conform to the new AICPA SSAE16 standards?

Answers

Sam Wholley's headshot
Sam Wholley Consultant • April 22, 2011

Size doesn't matter here - what matters is the relevance of the service organization to the user's operating environment and, for SSAE 16, to the user's financial statements. If a very small company has a material impact on many other small companies' environment, the SSAE 16 is an applicable report. If the company would like to grow, mid-sized and larger companies will look to make sure that their existing control environments will not be weakened by integrating the service provider into their organization's processes.

Jon Long's headshot
Jon Long The Risk Assurance Guy - Google Me • February 3, 2012

One person...because the AICPA SSAE 16 standard applies to CPAs not service organizations. Was that a trick question?

Scott MacDonald's headshot
Scott MacDonald President/Owner • February 4, 2012

In my view, the SSAE 16 reports (used to be SAS70) is primarily an auditor to auditor communication. It is used by the "user" organization to determine the amount of audit work that needs to be conducted on the "supplier" system/service if any.

Want to join the conversation? Submit an answer or ask a question by emailing us at [email protected]

Submit an answer
Filed Under: Accounting
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell