How to Determine a Quality Audit Report

By: Sara McLane, Senior Auditor at A-LIGN Service auditor reports are a great way for any service organization to showcase its compliance, to retain customers and to gain a competitive advantage. But how do you really know that your organization has just obtained a quality audit report? And why does quality matter as long as […]

Read More

CSA Integrates Cloud Controls Matrix with SOC 2 Reports for Cloud Providers

By: Peter Clarke, Senior Consultant at A-LIGN The AICPA recently released an Illustrative Type 2 SOC 2 Report to assist auditors in reporting on the suitability of design and operating effectiveness on cloud security providers. The Cloud Security Alliance (CSA) Cloud Control Matrix (CCM) builds upon the AICPA’s Trust Services Principles (TSP) as the attest […]

Read More

Trust Services Principles Update and Impact on SOC 2

By: Sara McLane, Senior Auditor at A-LIGN In February of 2014, the AICPA released the new Trust Services Principles and Criteria (TSP) for Security, Availability, Processing Integrity, Confidentiality, and Privacy. The updated TSP will have a positive effect on our clients and other organizations obtaining a SOC 2 report by increasing the clarity for readers […]

Read More

Updating the SOC 1 System Description

By: Sue Wells, Senior Consultant at A-LIGN In preparation for a SOC 1 audit, a service organization’s management is required to provide a system description per the SSAE 16 auditing standards. Until recently, little guidance had been provided to assist service organization management in preparing the system description. In January 2014, the AICPA’s Information Management […]

Read More

Payroll Company Controls: From an Internal and External Perspective

By: Sue Wells, Senior Consultant at A-lign CPAs Internal Controls vs. External Controls – What are we talking about? For a payroll company, many of the controls that are executed on a daily basis are designed to ensure that the payroll company’s client’s financial reports will not be mis-stated, and that the information gathered from […]

Read More

Ask A-LIGN: Is my Organization Required to Obtain a Type 2 SSAE 16 Examination Annually?

Answer: This is a question we are asked frequently by our clients and prospective clients, and the answer is: It Depends. Here’s why: The SSAE 16 guidance states that the period of review, or time frame that the report covers, should be at least six (6) months in the case of a Type 2 SSAE […]

Read More