In the United States, Statements on Auditing Standards provide guidance to external auditors on generally accepted auditing standards (abbreviated as GAAS) in regards to auditing a non-public company [1] and issuing a report. They are promulgated by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), which holds all copyright on the Standards. They are commonly abbreviated as "SAS" followed by their respective number and title.
With the permission of the AICPA, the full text of Standards 1–101 has been posted on the website of the Digital Accounting Collection at the J.D. Williams Library of the University of Mississippi. Links to these full-text records appear in the List of Statements of Auditing Standards below.
| No. | Official title | Issued on |
|---|---|---|
| 1 | Codification of Auditing Standards and Procedures full-text | November 1972 |
| 2 | Reports on Audited Financial Statements full-text | October 1974 |
| 3 | The Effects of EDP on the Auditor's Study and Evaluation of Internal Control full-text | December 1974 |
| 4 | Quality Control Considerations for a Firm of Independent Auditors full-text | December 1974 |
| 5 | The Meaning of "Present Fairly in Conformity With Generally Accepted Accounting Principles" in the Independent Auditor's Report full-text | July 1975 |
| 6 | Related Party Transactions full-text | July 1975 |
| 7 | Communications Between the Predecessor and Successor Auditors full-text | October 1975 |
| 8 | Other Information in Documents Containing Audited Financial Statements full-text | December 1975 |
| 9 | The Effect of an Internal Audit Function on the Scope of the Independent Auditor's Examination full-text | December 1975 |
| 10 | Limited Review of Interim Financial Information full-text | December 1975 |
| 11 | Using the Work of a Specialist full-text | December 1975 |
| 12 | Inquiry of a Client's Lawyer Concerning Litigation, Claims, and Assessments full-text | January 1976 |
| 13 | Reports on a Limited Review of Interim Financial Information full-text | May 1976 |
| 14 | Special Reports full-text | December 1976 |
| 15 | Reports on Comparative Financial Statements full-text | December 1976 |
| 16 | The Independent Auditor's Responsibility full-text | January 1977 |
| 17 | Illegal Acts by Clients full-text | January 1977 |
| 18 | Unaudited Replacement Cost-Information full-text | May 1977 |
| 19 | Client Representations full-text | June 1977 |
| 20 | Required Communication of Material Weaknesses in Internal Accounting Control full-text | August 1977 |
| 21 | Segment Information full-text | December 1977 |
| 22 | Planning and Supervision full-text | March 1978 |
| 23 | Analytical Review Procedures full-text | October 1978 |
| 24 | Review of Interim Financial Information full-text | March 1979 |
| 25 | The Relationship of Generally Accepted Auditing Standards to Quality Control Standards full-text | November 1979 |
| 26 | Association with Financial Statements full-text | November 1979 |
| 27 | Supplementary Information Required by the Financial Accounting Standards Board full-text | December 1979 |
| 28 | Supplementary Information on the Effects of Changing Prices full-text | June 1980 |
| 29 | Reporting on Information Accompanying the Basic Financial Statements in Auditor-Submitted Documents full-text | July 1980 |
| 30 | Reporting on Internal Accounting Control full-text | July 1980 |
| 31 | Evidential Matter full-text | August 1980 |
| 32 | Adequacy of Disclosure of Financial Statements full-text | October 1980 |
| 33 | Supplementary Oil and Gas Reserve Information full-text | October 1980 |
| 34 | The Auditor's Considerations When a Question Arises About and Entity's Continued Existence full-text | March 1981 |
| 35 | Special Reports-Applying Agreed-Upon Procedures to Specified Elements, Accounts, or Items of a Financial Statement full-text | April 1981 |
| 36 | Review of Interim Financial Information full-text | April 1981 |
| 37 | Filings Under Federal Securities Statutes full-text | April 1981 |
| 38 | Letters for Underwriters full-text | April 1981 |
| 39 | Audit Sampling full-text | June 1981 |
| 40 | Supplementary Mineral Reserve Information full-text | February 1982 |
| 41 | Working Papers full-text | April 1982 |
| 42 | Reporting on Condensed Financial Statements and Selected Financial Data full-text | September 1982 |
| 43 | Omnibus Statement on Auditing Standards full-text | August 1982 |
| 44 | Special-Purpose Reports on Internal Accounting Control at Service Organizations full-text | December 1982 |
| 45 | Omnibus Statement on Auditing Standards-1983 full-text | August 1983 |
| 46 | Consideration of Omitted Procedures After the Report Date full-text | September 1983 |
| 47 | Audit Risk and Materiality in Conducting an Audit full-text | December 1983 |
| 48 | The Effects of Computer Processing on the Audit of Financial Statements full-text | July 1984 |
| 49 | Letters for Underwriters full-text | September 1984 |
| 50 | Reports on the Application of Accounting Principles full-text | July 1986 |
| 51 | Reporting on Financial Statements Prepared for Use in Other Countries full-text | July 1986 |
| 52 | Omnibus Statement on Auditing Standards-1987 full-text | April 1988 |
| 53 | The Auditor's Responsibility to Detect and Report Errors and Irregularities full-text | April 1988 |
| 54 | Illegal Acts by Clients full-text | April 1988 |
| 55 | Consideration of Internal Control in a Financial Statement Audit full-text | April 1988 |
| 56 | Analytical Procedures full-text | April 1988 |
| 57 | Auditing Accounting Estimates full-text | April 1988 |
| 58 | Reports on Audited Financial Statements full-text | April 1988 |
| 59 | The Auditor's Consideration of an Entity's Ability to Continue as a Going Concern full-text | April 1988 |
| 60 | Communication of Internal Control Related Matters Noted in an Audit full-text | April 1988 |
| 61 | Communication With Audit Committees full-text | April 1988 |
| 62 | Special Reports full-text | April 1989 |
| 63 | Compliance Auditing Applicable to Governmental Entities and Other Recipients of Governmental Financial Assistance full-text | April 1989 |
| 64 | Omnibus Statement on Auditing Standards-1990 full-text | December 1990 |
| 65 | The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements full-text | April 1991 |
| 66 | Communication of Matters About Interim Financial Information Filed or to Be Filed with Special Regulatory Agencies-An Amendment to SAS No. 36: Review of Interim Financial Information full-text | June 1991 |
| 67 | The Confirmation Process full-text | November 1991 |
| 68 | Compliance Auditing Considerations in Audits of Governmental Financial Assistance full-text | December 1991 |
| 69 | The Meaning of "Present Fairly in Conformity With Generally Accepted Accounting Principles" full-text | January 1992 |
| 70 | Service Organizations full-text | April 1992 |
| 71 | Interim Financial Information full-text | May 1992 |
| 72 | Letters for Underwriters and Certain Other Requesting Parties full-text | February 1993 |
| 73 | Using the Work of a Specialist full-text | July 1994 |
| 74 | Compliance Auditing Considerations in Audits of Governmental Financial Assistance full-text | February 1995 |
| 75 | Engagements to Apply Agreed-Upon Procedures to Specified Elements, Accounts, or Items of a Financial Statement full-text | September 1995 |
| 76 | Amendments to Statements on Auditing Standards No. 72: Letters for Underwriters and Certain Other Requesting Parties full-text | September 1995 |
| 77 | Amendments to Statements on Auditing Standards No. 22: Planning and Supervision, No. 59: The Auditor's Consideration of an Entity's Ability to Continue as a Going Concern, and No. 62: Special Reports full-text | November 1995 |
| 78 | Consideration of Internal Control in a Financial Statement Audit: An Amendment to Statement on Auditing Standards No. 55 full-text | December 1995 |
| 79 | Amendment to Statement on Auditing Standards No. 58: Reports on Audited Financial Statements full-text | December 1995 |
| 80 | Amendment to Statement on Auditing Standards No. 31: Evidential Matter full-text | December 1996 |
| 81 | Auditing Investments full-text | December 1996 |
| 82 | Consideration of Fraud in a Financial Statement Audit full-text | February 1997 |
| 83 | Establishing an Understanding With the Client full-text | October 1997 |
| 84 | Communications Between the Predecessor and Successor Auditors full-text | October 1997 |
| 85 | Management Representations full-text | November 1997 |
| 86 | Amendments to Statements on Auditing Standards No. 72: Letters for Underwriters and Certain Other Requesting Parties full-text | March 1998 |
| 87 | Restricting the Use of the Auditor's Report full-text | September 1998 |
| 88 | Service Organizations and Reporting on Consistency full-text | December 1999 |
| 89 | Audit Adjustments full-text | December 1999 |
| 90 | Audit Committee Communications full-text | December 1999 |
| 91 | Federal GAAP Hierarchy full-text | April 2000 |
| 92 | Auditing Derivative Instruments, Hedging Activities, and Investments in Securities full-text | September 2000 |
| 93 | Omnibus Statement on Auditing Standards-2000 full-text | October 2000 |
| 94 | The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit full-text | May 2001 |
| 95 | Generally Accepted Auditing Standards full-text | December 2001 |
| 96 | Audit Documentation full-text | January 2002 |
| 97 | Amendment to Statement on Auditing Standards No. 50: Reports on the Application of Accounting Principles full-text | June 2002 |
| 98 | Omnibus Statement on Auditing Standards-2002 full-text | September 2002 |
| 99 | Consideration of Fraud in a Financial Statement Audit full-text | October 2002 |
| 100 | Interim Financial Information full-text | November 2002 |
| 101 | Auditing Fair Value Measurements and Disclosures full-text | January 2003 |
| 102 | Defining Professional Requirements in Statements on Auditing Standards full-text | December 2005 |
| 103 | Audit Documentation full-text | December 2005 |
| 104 | Amendment to Statement on Auditing Standards No. 1: Codification of Auditing Standards and Procedures (Due Professional Care in the Performance of Work) full-text | February 2006 |
| 105 | Amendment to Statement on Auditing Standards No. 95: Generally Accepted Auditing Standards full-text | February 2006 |
| 106 | Audit Evidence full-text | February 2006 |
| 107 | Audit Risk and Materiality in Conducting an Audit full-text | February 2006 |
| 108 | Planning and Supervision full-text | February 2006 |
| 109 | Understanding the Entity and its Environment and Assessing the Risks of Material Misstatements full-text | February 2006 |
| 110 | Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained full-text | February 2006 |
| 111 | Amendment to Statement on Auditing Standards No. 39: Audit Sampling full-text | February 2006 |
| 112 | Communicating Internal Control Related Matters Identified in an Audit full-text | May 2006 |
| 113 | Omnibus 2006 full-text | November 2006 |
| 114 | The Auditor's Communication With Those Charged With Governance full-text | December 2006 |
| 115 | Communicating Internal Control Related Matters Identified in an Audit full-text | October 2008 |
| 116 | Interim Financial Information full-text | February 2009 |
| 117 | Compliance Audits full-text | December 2009 |
| 118 | Other Information in Documents Containing Audited Financial Statements | February 2010 |
| 119 | Supplementary Information in Relation to the Financial Statements as a Whole | February 2010 |
| 120 | Required Supplementary Information | February 2010 |
| 121 | Revised applicability of statement on auditing standards no. 100, Interim financial information | February 2011 |
SAS No. 122, Clarification and Recodification, contains the Preface to Codification of Statements on Auditing Standards, Principles Underlying an Audit Conducted in Accordance With Generally Accepted Auditing Standards, and 39 clarified SASs. This statement recodifies and supersedes all outstanding SASs through No. 121 except
SAS No. 122 also withdraws SAS No. 26, Association With Financial Statements, as amended.
The AICPA is the source of the most up-to-date information.
| No. | Official title | Issued on | Current status |
|---|---|---|---|
| 122 | Clarification and recodification | October 2011 | In effect |
| 123 | Omnibus statement on auditing standards | October 2011 | In effect |
| 124 | Financial statements prepared in accordance with a financial reporting framework generally accepted in another country | October 2011 | In effect |
| 125 | Alert that restricts the use of the auditor's written communication | December 2011 | In effect |
| 126 | Auditor's consideration of an entity's ability to continue as a going concern (redrafted) | July 2012 | In effect |
| 127 | Omnibus statement on auditing standards - 2913 | January 2013 | In effect |
| 128 | Using the work of internal auditors | February 2014 | In effect |
| 129 | Amendment to statement on auditing standards no. 122 section 920, Letters for underwriters and certain other requesting parties, as amended | July 2014 | In effect |
| 130 | Audit of internal control over financial reporting that is integrated with an audit of financial statements | October 2015 | In effect |
| 131 | Amendment to Statement on auditing standards no. 122, Section 700, Forming an opinion and reporting on financial statements | January 2016 | In effect |
| 132 | The Auditor's Consideration of an Entity's Ability to Continue as a Going Concern | February 2017 | In effect |
| 133 | Auditor Involvement With Exempt Offering Documents | July 2017 | In effect |
| 134 | Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in the Audit of Financial Statements | May 2019 | In effect |
| 135 | Omnibus Statement on Auditing Standards—2019 | May 2019 | In effect |
| 136 | Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA | July 2019 | In effect |
| 137 | The Auditor's Responsibilities Relating to Other Information Included in Annual Reports | July 2019 | In effect |
| 138 | Amendments to the Description of the Concept of Materaility | December 2019 | In effect |
| 139 | Amendments to AU-C Sections 800, 805, and 810 to Incorporate Auditor Reporting Changes From SAS No. 134 | March 2020 | In effect |
| 140 | Amendments to AU-C Sections 725, 730, 930, 935, and 940 to Incorporate Auditor Reporting Changes From SAS Nos. 134 and 137 | April 2020 | In effect |
| 141 | Amendment to the Effective Dates of SAS Nos. 134–140 | May 2020 | In effect |
| 142 | Audit Evidence | July 2020 | In effect |
| 143 | Auditing Accounting Estimates and Related Disclosures | July 2020 | In effect |
| 144 | Amendments to AU-C Sections 501, 540, and 620 Related to the Use of Specialists and the Use of Pricing Information Obtained From External Information Sources | June 2021 | In effect |
| 145 | Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement | October 2021 | Effective for audits ending on or after December 15, 2023 |
| 146 | Quality Management for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards | June 2022 | Effective for engagements conducted in accordance with GAAS for periods beginning on or after December 15, 2025 |
The American Institute of Certified Public Accountants began codifying the Statements on Auditing standards semiannually in 1976. The Codification of Statements on Auditing Standards is generally issued in January, and the U.S. Auditing Standards is issued as part of the AICPA Professional Standards in June of each year. The current U.S. Auditing Standards are available at the AICPA's Web site. Below is a list of older codifications from the Professional Standards.
| Date | Official title | Issued on |
|---|---|---|
| 1976 | AICPA Professional Standards: Auditing as of July 1, 1976 full-text | July 1, 1976 |
| 1977 | AICPA Professional Standards: Auditing as of July 1, 1977 full-text | July 1, 1977 |
| 1978 | AICPA Professional Standards: Auditing as of July 1, 1978 full-text | July 1, 1978 |
| 1979 | AICPA Professional Standards: Auditing as of July 1, 1979 full-text | July 1, 1979 |
| 1980 | AICPA Professional Standards: Auditing as of June 1, 1980 full-text | June 1, 1980 |
| 1981 | AICPA Professional Standards: Auditing as of June 1, 1981 full-text | June 1, 1981 |
| 1982 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1982 full-text | June 1, 1982 |
| 1983 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1983 full-text | June 1, 1983 |
| 1984 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1984 full-text | June 1, 1984 |
| 1985 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1985 full-text | June 1, 1985 |
| 1986 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1986 full text | June 1, 1986 |
| 1987 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1987 full-text | June 1, 1987 |
| 1988 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1988 full-text | June 1, 1988 |
| 1989 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1989 full-text | June 1, 1989 |
| 1990 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1990 full-text | June 1, 1990 |
| 1991 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1991 full-text | June 1, 1991 |
| 1992 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1992 full-text | June 1, 1992 |
| 1993 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1993 full-text | June 1, 1993 |
| 1994 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1994 full-text | June 1, 1994 |
| 1995 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1995 full-text | June 1, 1995 |
| 1996 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1996 full-text | June 1, 1996 |
| 1997 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1997 full-text | June 1, 1997 |
| 1998 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1998 full-text | June 1, 1998 |
| 1999 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 1999 full-text | June 1, 1999 |
| 2000 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2000 full-text | June 1, 2000 |
| 2001 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2001 full-text | June 1, 2001 |
| 2002 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2002 full-text | June 1, 2002 |
| 2003 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2003 full-text | June 1, 2003 |
| 2004 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2004 full-text | June 1, 2004 |
| 2005 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2005 full-text | June 1, 2005 |
| 2006 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2006 full-text | June 1, 2006 |
| 2007 | AICPA Professional Standards: U.S. Auditing Standards as of June 1, 2007 full-text | June 1, 2007 |
Accounting, also known as accountancy, is the process of recording and processing information about economic entities, such as businesses and corporations. Accounting measures the results of an organization's economic activities and conveys this information to a variety of stakeholders, including investors, creditors, management, and regulators. Practitioners of accounting are known as accountants. The terms "accounting" and "financial reporting" are often used interchangeably.
The American Institute of Certified Public Accountants (AICPA) is the national professional organization of Certified Public Accountants (CPAs) in the United States, with more than 428,000 members in 130 countries. Founded in 1887 as the American Association of Public Accountants (AAPA), the organization sets ethical standards and U.S. auditing standards. It also develops and grades the Uniform CPA Examination. AICPA is headquartered in Durham, North Carolina, and maintains additional offices in New York City, Washington, D.C., and Ewing, New Jersey.
Generally Accepted Accounting Principles (GAAP or U.S. GAAP or GAAP (USA), pronounced like "gap") is the accounting standard adopted by the U.S. Securities and Exchange Commission (SEC) and is the default accounting standard used by companies based in the United States.
Certified Public Accountant (CPA) is the title of qualified accountants in numerous countries in the English-speaking world. It is generally equivalent to the title of chartered accountant in other English-speaking countries. In the United States, the CPA is a license to provide accounting services to the public. It is awarded by each of the 50 states for practice in that state. Additionally, all states except Hawaii have passed mobility laws to allow CPAs from other states to practice in their state. State licensing requirements vary, but the minimum standard requirements include passing the Uniform Certified Public Accountant Examination, 150 semester units of college education, and one year of accounting-related experience.
Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial Statement Audit, commonly abbreviated as SAS 99, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in October 2002. The original exposure draft was distributed in February 2002. Please see PCAOB AS 2401.
An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.
Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).
A going concern is an accounting term for a business that is assumed will meet its financial obligations when they become due. It functions without the threat of liquidation for the foreseeable future, which is usually regarded as at least the next 12 months or the specified accounting period. The presumption of going concern for the business implies the basic declaration of intention to keep operating its activities at least for the next year, which is a basic assumption for preparing financial statements that comprehend the conceptual framework of the IFRS. Hence, a declaration of going concern means that the business has neither the intention nor the need to liquidate or to materially curtail the scale of its operations.
In the United States, the Auditing Standards Board (ASB) is the senior technical committee designated by the American Institute of Certified Public Accountants (AICPA) to issue auditing, attestation, and quality control statements, standards and guidance to certified public accountants (CPAs) for non-public company audits. Created in October 1978, it is composed of 19 members representing various industries and sectors, including public accountants and private, educational, and governmental entities. It issues pronouncements in the form of statements, interpretations, and guidelines, which all CPAs must adhere to when performing audits and attestations.
Fraud deterrence has gained public recognition and spotlight since the 2002 inception of the Sarbanes-Oxley Act. Of the many reforms enacted through Sarbanes-Oxley, one major goal was to regain public confidence in the reliability of financial markets in the wake of corporate scandals such as Enron, WorldCom and Waste Management. Section 404 of Sarbanes Oxley mandated that public companies have an independent Audit of internal controls over financial reporting. In essence, the intent of the U.S. Congress in passing the Sarbanes Oxley Act was attempting to proactively deter financial misrepresentation (Fraud) in order to ensure more accurate financial reporting to increase investor confidence. This same concept is applied in the discussion of fraud deterrence.
Statement on Auditing Standards (SAS) No. 55: Consideration of Internal Control in a Financial Statement Audit, commonly abbreviated as SAS 55, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in April 1988. It requires the auditor to obtain an understanding of an entity’s internal control sufficient to plan any audit on such entity. Identifying and evaluating relevant controls is an important step in the user auditor’s overall audit approach.
Regulation S-X is a prescribed regulation in the United States of America that lays out the specific form and content of financial reports, specifically the financial statements of public companies. It is cited as 17 C.F.R. Part 210; the name of the part is "Form and Content of and Requirements for Financial Statements, Securities Act of 1933, Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, Investment Company Act of 1940, Investment Advisers Act of 1940, and Energy Policy and Conservation Act of 1975".
Statements on Auditing Procedure were issued by the Committee on Auditing Procedure of AICPA from 1939 to 1972. The Committee issued 54 SAPs before it became the Auditing Standards Executive Committee (AcSEC) and began issuing Statements on Auditing Standards.Statement on Auditing Standards No. 1 summarized and superseded the 54 SAPs.
The AICPA Code of Professional Conduct is a collection of codified statements issued by the American Institute of Certified Public Accountants that outline a CPA's ethical and professional responsibilities. The code establishes standards for auditor independence, integrity and objectivity, responsibilities to clients and colleagues and acts discreditable to the accounting profession. The AICPA is responsible for drafting, revising and reissuing the code annually, on June 1. The current Code is available at the AICPA Web site. For older versions of the Code, see the links below.
Statement on Standards for Attestation Engagements no. 16 is an auditing standard for service organizations, produced by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board, which supersedes Statement on Auditing Standards no. 70 and has been superseded by SSAE No. 18.
Statement on Standards for Attestation Engagements no. 18 is a Generally Accepted Auditing Standard produced and published by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board. Though it states that it could be applied to almost any subject matter, its focus is reporting on the quality of financial reporting. It pays particular attention to internal control, extending into the controls over information systems involved in financial reporting. It is intended for use by Certified Public Accountants performing attestation engagements, the preparation of a written opinion about a subject, and the client organizations preparing the reports that are the subject of the attestation engagement. It prescribes three levels of service: examination, review, and agreed-upon procedures. It also prescribes two types of reports: Type 1, which includes an assessment of internal control design, and Type 2, which additionally includes an assessment of the operating effectiveness of controls. Published April 2016, SSAE 18 and all previous standards it supersedes are represented in section AT-C of the AICPA Professional Standards, with most sections becoming effective on May 1, 2017.
System and Organization Controls as defined by the American Institute of Certified Public Accountants (AICPA), is the name of a suite of reports produced during an audit. It is intended for use by service organizations to issue validated reports of internal controls over those information systems to the users of those services. The reports focus on controls grouped into five categories called Trust Service Criteria. The Trust Services Criteria were established by The AICPA through its Assurance Services Executive Committee (ASEC) in 2017. These control criteria are to be used by the practitioner/examiner in attestation or consulting engagements to evaluate and report on controls of information systems offered as a service. The engagements can be done on an entity wide, subsidiary, division, operating unit, product line or functional area basis. The Trust Services Criteria were modeled in conformity to The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework. In addition, the Trust Services Criteria can be mapped to NIST SP 800 - 53 criteria and to EU General Data Protection Regulation (GDPR) Articles. The AICPA auditing standard Statement on Standards for Attestation Engagements no. 18, section 320, "Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting", defines two levels of reporting, type 1 and type 2. Additional AICPA guidance materials specify three types of reporting: SOC 1, SOC 2, and SOC 3.
