Premier Auditors Fee Structure for SSAE 16 (Type 1, Type 2, Readiness) Audits
Premier Auditors focuses primary on providing a high quality product along with expert personal customer service. We do not focus on being the WalMart of the audit industry. Premier Auditors is aware that managing your costs is always good business and mandatory for financial success and we therefore work with our clients so as to keep the costs as low as possible while making certain your ultimate goals are not only achieved but exceeded.
We prefer to work on a fixed fee basis so that both parties know what they are getting into. There are situations that arise occasionally that do not allow us to accurately determine the amount of time needed to complete the tasks, and in these situations we would charge by the hour. If this hourly process is required we will initially provide you with our best estimate of how much time we think it will take. We will keep you updated on the status of the engagement on a daily or weekly basis. Also, the use of our highly sophisticated Digital Documentation Management System interactive data base has shown to save our clients money and time. We are constantly improving all of our systems so as to provide not only a better product but also to be able to offer it at the lowest price possible. The basis for all engagement is evaluated on the amount of work product required.
Service Organization Type
The type of Service Organization classification is a consideration. Service organizations with detailed application specific controls require auditing of the controls and testing of those controls. For example, a company which provides data hosting services to its user organization will rely on solely on general controls whereas a collection company would have application specific controls relating to the collection services it provides.
Service Organization Size
The number of total transactions will vary by the size of the service organization and the total population to be considered varies as well. The total number and size of transactions is a factor when establishing the fee for the engagement.
Any location for the service organization that hosts or maintains end user data should he audited for controls in place to safe guard that data.
The general controls established by management are audited by the service auditor. General controls are controls which most organizations establish. For example, most organizations will have controls in place for employee management. The management identifies all the general controls to be audited. The service auditor selects from the population a sample size upon which to test the effectiveness of the controls.
Application Specific Controls
Application Specific Controls vary between service organizations. The auditing and testing of application controls is dependent on factors such as the number of clients the service organization supports and the number of quality control points within the service model. For example, a service organization that provides collection services would have controls in place for the collection process, the debtor payment process, and disbursements to clients process. The transaction service model is applied when evaluating the controls. The transaction model asks the question how are transactions initiated, authorized, processed and recorded.
Initiated, controls should be in place to address how the transactions to the service organization are initiated. The controls govern that the transactions arc initiated timely, accurately and securely. The service auditor selects and audits a sample size from all of the initiation of transactions from the population (total number of transactions initiated during the audit period), and test the controls that management established to initiate those transactions timely, accurately and securely.
Authorized, controls should be in place to address how the transactions to the service organization are authorized. The controls govern that only authorized transactions are handled by the service organization. The service auditor selects and audits a sample size from all the authorized transactions from the population (total number of transactions authorized during the audit period), and test the controls that management established to ensure that the transactions where authorized.
Processed, controls should be in place to address how the transactions arc process timely, accurately and securely. Management establishes controls on how transactions are processed. Controls should he in place for conforming and non conforming transactions and controls to address and escalate all non conforming transactions. The service auditor selects and audits a sample size from all the processed transactions from the population (total number of transactions processed during the audit period), and test the controls that management established to ensure that the transactions were processed timely, accurately and securely.
Recorded, controls should be in place to address how the transactions are recorded. Management established the controls for recording all transactions once they are processed. The service auditor selects and audits a sample size from all the processed transactions from the population (total number of transactions recorded during the audit period), and test the controls that management established to ensure that the transactions were recorded timely, accurately and securely.
Federal Regulatory Compliance
Does the service organization have to comply with any federally mandated regulatory and compliance statues. Management should establish the controls to meet the requirements of the law. These controls should be audited to ensure compliance.
Does the service organization rely on any other service organization? If any other service organization is utilized in the performance of services, controls should be in place and audited for the processing and safe guarding of that data. For example, the service organization may utilize a mail fulfillment organization in sending out correspondence such as statements, invoices, notices, etc. The transaction service model will apply, how are the transactions initiated, authorized, processed and recorded, in a timely, accurate and secure fashion. The service auditor should audit the controls that of the sub-service organization has in place.
We provide assistance to the service organization in establishing “best practices” when evaluating the established controls in accordance with GAP. Premier Auditors provides assistance to our clients in establishing controls that should be in place, evaluating the effectiveness of existing controls and making recommendations in establishing additional controls that should be in place. More on Readiness Assessment.
We are priced competitively, and every quote is based on several factors that are unique to your organization. Call us today (855-438-7723) for an up-front and an informative discussion about what you might expect to pay and how we would provide you with a quote.
How often should I renew my SSAE 16 Audit with Premier Auditors?
Premier Auditors report (“SSAE 16 audit report”) covers a period in time, usually 6 or 12 months, for example December 31, 2012 and will cover a specified period of time (January 1, 2012 to December 31, 2013 in the case of a 12 month reporting period). Service organizations usually have the audit conducted annually, mainly due to the fact the user organizations and their auditors will need assurance that the service organization’s controls are operating effectively for the current fiscal year of the user organization. The same is true for organizations that renew every 6 months.