What are the similarities and difference when it comes to SSAE 16 vs. ISAE 3402? That's a question posed often by interested parties seeking learn more about the SSAE 16 AICPA attest standard and the IFAC ISAE 3402 assurance standard. They both have been developed for purposes of reporting on controls at service organizations, and they both also are a result of collaborative efforts by the AICPA and IFAC.
As for the similarities, notable points are the following:
1. Both SSAE 16 and ISAE 3402 reports can be "Type 1" or "Type 2"2. They both require a description of their "system", along with requiring management of the service organization to provide a written statement of "assertion".3. They are issued by Certified Public Accountants (CPA) and Chartered Accountants (CA) - official designations in the field of accountancy.Additionally, both standards closely align themselves in many other areas, and they both originated out of a collaborative effort by notable entities (AICPA, IFAC) to create more globally accepted accounting principles. ISAE 3402 was going to move forward, and the AICPA – already having plans to retire the aging SAS 70 auditing standard – put forth the SSAE 16 standard that contained many elements of ISAE 3402. In fairness, no one standard was really “ahead” of the other – rather –a joint effort was initiated to create both SSAE 16 and ISAE 3402. Additionally, they’re both experiencing great success, as witnessed by the overwhelming acceptance and adoption of SSAE 16 and ISAE 3402 on the global business arena. Learn more about NDNB's compliance expertise and the complimentary SOC 2 Policy Packets, along with our complimentary PCI DSS Policy Packets and also SOC 1 Policy Packets we provide to our clients for each enagement. It truly makes a difference for each audit!