Control objectives address the risks that controls are intended to mitigate.
Ssae 18 control objectives list.
Since ssae 18 has effectively replaced ssae 16 and also sas 70 and because the ssae 18 controls and related assertions need to be based on relevant internal control over financial reporting icfr service organizations need to constructively re think their control objectives.
Moving to ssae 18.
The aicpa s control objective definition provided in ssae 18 is the aim or purpose of specified controls at the service organization.
Entity s internal control over financial reporting that is integrated with an audit of its financial statements and related attestation interpretation no.
A clearer view of attestation standards for service organizations 1.
Updated as of january 1 2018 the soc 2 guide provides how to guidance for service auditors performing examinations under ssae 18 clarified attestation standards to report on a service organization s controls over its system relevant to security availability processing integrity confidentiality or privacy.
Are necessary to achieve the control objectives stated in management s description of the system when the carve out method of reporting has been used.
1 reporting under section 112 of the federal deposit insurance corporation.