April 28, 2017

What is AT-101?


Warning: Illegal string offset 'keywords_time' in /homepages/27/d172822364/htdocs/ssae/wp-content/plugins/internal-link-building/Internal_Link_Building.php on line 103

AT-101 was developed to put requirements in place for CPAs examining and issuing reports on controls over subject matter other than financial reporting. These standards are codified within  AT section 101, Attest Engagements, of the attestation standards, not under SSAE16.

Some of the audits issued under AT101 gaining prominence in the market place include the SOC 2 and SOC 3 Reports and are based upon the trust service principles. AT 101 also permits companies to undergo a review of controls over just about any non-financial reporting related process that a third party may want assurance of , essentially serves as a catch all.

Lately, accounting firms have begun issuing combined SSAE 16 (SOC 1) and AT-101 reports.  The controls which impact financial reporting are covered within the SOC 1 and the others, typically IT related controls, are covered within the AT-101. While this may sound confusing or redundant at first, it allows for a better segregation and organization of controls from an auditing standpoint.