Auditing standard for service organizations confirms effective internal controls
One of the many certifications held by ARMS Inc. is the Statement on Standards for Attestation Engagements no. 16, more commonly known as SSAE 16. This auditing standard for service organizations provides confirmation that ARMS employs effective internal auditing controls.
SSAE 16 reporting helps ARMS comply with provisions of the Sarbanes-Oxley Act pertaining to financial reporting. The certification also can be applied to data centers that might be used in the delivery of financial reporting.
ARMS will undergo an SSAE 18 audit this year in accordance with compliance standards. This new standard incorporates more downstream, subcontracted and vendor audit requirements.
The current SSAE 16 certification includes two types of reports, of which ARMS provides the System and Organization Controls (SOC) Type I report. This report is an independent snapshot of ARMS’s control landscape on a given day.
Auditors test the design effectiveness of ARMS’s defined controls by examining a sample of one item per control. Demonstrating that ARMS has these controls in place can be useful for customers in trying to obtain a contract.
SSAE 16 identifies potential risks with ARMS’s reporting
SSAE 16 requires ARMS to provide the auditor with a written assertion regarding the SOC Type I report:
- The fairness of the presentation of the description of ARMS’s system.
- The suitability of the design of the controls to achieve the related control objectives stated in the description.
The SSAE 16 service auditor is required to obtain information that would identify risks during the process of understanding ARMS’s system. This includes the risk that ARMS’s description of its system is not fairly presented or that the control objectives ARMS states in the description were not achieved due to intentional actions by the company’s staff.
Additional information about SSAE 16 auditing is available at https://www.ssae-16.com/.
Full-Service information management and destruction services from Arms Inc
ARMS is an industry leader in records and information technology solutions, providing organizations “best practice” consulting in the Green Bay, Wisconsin, area and across the United States. ARMS is an SSAE 16-audited company that meets today’s information regulatory requirements such as HIPAA, HITECH and FACTA. Services include traditional document storage, certified information destruction, data protection and media vaulting, and automated workflow solutions.
For more information about services available through ARMS, please call 877-764-2767 or visit https://arms4rim.com/.
View original article on SSAE 16 here.