SSAE 16 / Internal Controls


Formerly known as a SAS 70 audit, the Statement on Standards for Attestation Engagements (SSAE) 16 is an in-depth examination of a service organization’s control objectives and control activities related to a user entity’s financial reporting and can only be performed by a CPA firm. 

Firms that undergo an SSAE 16 examination will receive a “SOC 1” report, which is a specific report on the controls at a service organization. Similar to the SAS 70 reporting options, SOC 1 allows for a Type I or a Type II report. A Type I report opines as to the fair representation of a firm’s description of controls and whether or not they are suitably designed to achieve a firm’s control objectives as of a point in time. A Type II report goes a step further and opines on the effectiveness of the controls in place over a specific period of time. 

The benefits of undergoing this type of examination are twofold. These types of reports are key for the independent auditors of a firm’s institutional clients as it allows them to rely on the controls the RIA has in place without having to actually test those controls themselves in the firm’s office. Additionally, many firms are seeing this request come up as part of their clients’ ongoing due diligence process.

Over the years, these types of examinations have become an industry wide standard for firms striving for best practices and demonstrates to clients that a firm has adequate controls and safeguards in place when processing client accounts.  

As a CPA firm focused on providing these services to advisors in the investment industry, Ashland Partners has developed a unique perspective on the operational challenges and best practices of firms ranging in size from just under $1 billion to over $350 billion in assets under management.  Please contact one of our professionals for more information or with any questions regarding the benefits of a SSAE 16 examination.


Learn More