Ssae 18 Control Objectives List

Updated as of january 1 2018 the soc 2 guide provides how to guidance for service auditors performing examinations under ssae 18 clarified attestation standards to report on a service organization s controls over its system relevant to security availability processing integrity confidentiality or privacy.

Ssae 18 control objectives list.

Changes for service organizations themselves revision what service organizations need to do differently csocs a complementary subservice organization control csoc is a control that management assumes will be implemented by their subservice organization. Since ssae 18 has effectively replaced ssae 16 and also sas 70 and because the ssae 18 controls and related assertions need to be based on relevant internal control over financial reporting icfr service organizations need to constructively re think their control objectives. Are necessary to achieve the control objectives stated in management s description of the system when the carve out method of reporting has been used. Control objectives address the risks that controls are intended to mitigate.

Entity s internal control over financial reporting that is integrated with an audit of its financial statements and related attestation interpretation no. Developing soc 1 ssae 18 control objectives that are related to the icfr concept is critical. 1 reporting under section 112 of the federal deposit insurance corporation. The aicpa s control objective definition provided in ssae 18 is the aim or purpose of specified controls at the service organization.