March 2011

Which Service Organization Control Reporting option is right for your company?

A lot can go wrong when outsourcing functions to a third party. A security breach can leak customers’ private information. A server can go down and leave critical transactions unprocessed. Fraud at the service organization can result in inaccurate financial statements.

The risks inherent in outsourcing make trust an essential component of the relationship between the organization that provides the outsourced services and the user of the outsourced services.

SAS 70 is now SSAE 16 and it affects many more organizations.

A new reporting framework rolled out in February by the American Institute of Certified Public Accountants is intended to shine a brighter spotlight on risks relating to the information technology a service organization uses to process user entities’ data and provide peace of mind that the service organization’s controls are protecting this sensitive information.

The new Service Organization Control (SOC) framework gives outsourcing providers three options when it comes to attesting to their controls. Whether your company outsources some of its vital functions to a third-party provider, or it provides those outsourcing services, you have a responsibility to understand the risks posed by the outsourced service. These risks, in turn, determine the appropriate reporting option or options for your circumstance.

For more details about the new SOC reporting options, please read Blackman Kallick’s article, "More Options to Enhance Trust: New Reporting Framework Provides Assurance on Service Organization Controls."

To learn more about Blackman Kallick’s Service Organization Control Reporting services, please contact Matt Dopp, Partner, at mdopp@BlackmanKallick.com, Tim Bowling, Partner, at tbowling@BlackmanKallick.com, or your Blackman Kallick representative.