SSAE-18 Attestation

Risk Integrated Enterprise Performance Management

A uni-dimensional focus on Value Creation alone can – in today’s cyber-risk prone world – lead to a situation where one can be “losing on the swings what one has gained on the roundabouts”.

Preserving Value already created – by adoption of appropriate Risk Management frameworks and methodologies – is equally important ! In fact the World Economic Forum in it’s “Global Risks Report – 2019” – listed “Data Fraud or Theft” and “Cyber-attacks” as the 4th and 5th most likely risks among the Top 5 Most Likely Risks facing the world in 2019 !!

The CPAs / CISAs / CITPs / certified Privacy cosultants and auditors on board at EntPerMaSys realize this. Our SSAE-18 audit, gap analysis and advisory services around the AICPA’s Trust Services Criteria (TSC) Framework, SOC 1 Audits that require an understanding of COSO Frameworks combined with experience in Internal Controls Over Financial Reporting (ICoFR) and hands-on practical experience in handling external audits around these topics – place us in a better position to understand your finance personnel’s perspectives and guide our interactions and deliverables from that unqiue perspective.

Typical questions that our clients have are –

  • What is the difference between a SOC 1, SOC 2 and SOC 3 examination ? Which one is most suitable for us ? How long does it take to complete one ? How much does it cost ?
  • I am already ISO 27001 (ISMS) certified. How much of a difference is there when it comes to a SOC examination when compared to ISO 27001 ?
  • How long does it take ? Which attestation is suitable for my business – SOC 1 ? or a SOC 2 ? When should i go for a SOC 3 ? What all Trust Services Criteria categories do i need to include ? Should i go for a Type I or a Type II ? If opt for a Type II – how long a period should i cover in the attestation ?

Why Us for SSAE-18 ?

We bring to the table a unique perspective of a “user-group oriented” approach instead of a pure “technology oriented” approach to Enterprise Risk Management. The immediate connect that we are able to create with SME CFOs / CEOs when we lead these audits bears testimony to the perspectives that we bring in when we approach these engagements. We have adequate SOX Audit / external financial reporting backgrounds in senior leadership positions to frame the approach that your board would be comfortable dealing with, but at the same time – simplify and demystify the same to your operational staff as we analyze your processes and controls at various levels of the organization.

We are also a Delaware based CPA Firm. As per AICPA Guidelines – only licensed CPAs working with CPA Firms can perform SOC 1/2/3 attestations. So be careful in selecting your attestation partner for your SOC attestation engagement. While there will always be someone who will do the work cheaper – it would be useful to bear in mind that the whole purpose of going through a SOC 1/2/3 attestation – is to gain the trust of your customers !! Penny-wise may not be appropriate !!

Do get in touch with us to start a meaningful conversation around the same.