AICPA SSAE 18
Statement on Standards for Attestation Engagements 18
In addition to complying with this section, a practitioner is required to comply with section 105, Concepts Common to All Attestation Engagements, and section 205, Examination Engagements.
- 100 Common Concepts
- 105 Concepts Common to All Attestation Engagements
- 200 Level of Service
- 205 Examination Engagements
- 210 Review Engagements
- 215 Agreed-Upon Procedures Engagements
- 300 Subject Matter
- 305 Prospective Financial Information
- 310 Reporting on Pro Forma Financial Information
- 315 Compliance Attestation
- 320 Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting
- 395 [Designated for AT Section 701, Management’s Discussion and Analysis
(AICPA, Professional Standards)]
AT-C Section 320
Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting
Service Organization
An organization or segment of an organization that provides services to user entities, which are likely to be relevant to those user entities’ internal control over
financial reporting.
User Entity
An entity that uses a service organization for which controls at the service
organization are likely to be relevant to that entity’s internal control over financial
reporting.
Type 1 Report
Management’s description of a service organization’s system and a service auditor’s report on that description and on the suitability of the design of controls (referred to in this section as a type 1 report).
Type 2 Report
Management’s description of a service organization’s system and a service auditor’s report on that description and on the suitability of the design and operating effectiveness of controls (referred to in this section as a type 2 report).
Controls at a Service Organization
The policies and procedures at a service organization likely to be relevant to user entities’ internal control over financial reporting. These policies and procedures are designed, implemented, and documented by the service organization to provide reasonable assurance about the achievement of the control objectives relevant to the services covered by the service auditor’s report.
Control Objectives
The aim or purpose of specified controls at the service organization. Control objectives address the risks that controls are intended to mitigate.