Because KCIC is a service organization that performs outsourced services affecting the financial statements of other companies, we undergo an SSAE 16 audit annually. An independent accounting firm assesses our internal controls and issues both a report and an opinion based on the assessment.
A Statement on Standards for Attestation Engagements (SSAE) No. 16 is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.
KCIC is proud that our auditors, BrightLine CPAs & Associates, have issued clean reports since we began the audit process in 2011.
The primary reason we undergo the audit is the Claims Administration work we do for clients; many require that we be SSAE 16-certified.
There are other important considerations as well:
An annual SSAE 16 examination enables us to prove a strong position over the control environment relating to processes that impact the client’s controls over financial reporting; it delivers a level of assurance to clients. As stated above, many won’t even consider a third-party service organization that hasn’t undergone an SSAE 16 examination, because there is a lack of trust and proven ability.
Current and potential clients also hold this report in high regard, because it provides an independent and outside review and validation of an organization’s processes, policies and procedures. Successful completion of the SSAE 16 examination is assurance that our processes meet the stated level of compliance.
New SSAE 16 standards include an additional requirement that makes management of the audited firm responsible for making certain assertions. The new vested responsibility of management — taking an active role in the process and developing a vested interest in the outcome — provides KCIC clients with an additional level of trust.
In the highly competitive global services marketplace, competing organizations are constantly looking to differentiate themselves from their peers. At the same time, prospective clients are becoming more aware of the data and the internal controls that a service organization should have in place.
If two service organizations are equal, a potential client will be more willing to conduct business with a service provider that has proactively performed an SSAE 16 examination.
While the SSAE 16 examination was initially a commodity item, these reports have grown to become a necessity and a helpful tool for service organizations to assess their processes. They also effectively convey the strengths of the service organization’s security infrastructure. Most impressively, they invite potential and existing clients to “look under the hood” of a service organization’s systems, through the lens of an independent party.
Never miss a post. Get Risky Business tips and insights delivered right to your inbox.
Managing product liabilities often means breaking complex scenarios into smaller components that can be easily understood by all parties. That’s precisely what Nancy Gutzler excels at doing.
Learn More About Nancy