This course speaks briefly to the transition from SAS 70 to SSAE 16 and now SSAE 18. However, the focus on the various Service Organization control reports, their purposes and uses.

Today's businesses have seen a dramatic increase in the use of outsourced providers to assist with executing processes from payroll, accounts payable, information technology, benefit plan administration, and many other core processes. These processes ultimately have an impact on an organization's internal control over financial reporting but also could impact compliance and operational issues.
In 2011, the Statement for Auditing Standards Attest Engagements (SSAE 16) replaced the former SAS70 Standard. In May 2017, a new standard SSAE 18 has superseded SSAE 16. The concepts covered are referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should understand the various types of SOC reports, their intended use, and their implication on a company's financial reporting process, regardless of your status as a publicly traded or privately held organization. The process can be complicated to understand as a user organization. Currently, several types of SOC Reports exist including: • SOC 1 - Type 1 • SOC 1 - Type 2 • SOC 2 - Type 1 • SOC 2 - Type 2 • SOC 2+ • SOC 3 • Cybersecurity SOC
This course speaks briefly about the transition from SAS 70 to SSAE 16 and now SSAE 18. However, the focus is on the various Service Organization control reports, their purposes, and uses.
Field of Study: Auditing

Lynn Fountain has over 45 years of experience spanning public accounting, corporate accounting and consulting. 24 years of her experience has been working in the areas of internal and external auditing. She is a subject matter expert in multiple fields including internal audit, ethics, fraud evaluations, Sarbanes-Oxley, enterprise risk management, governance, financial management and compliance. Ms. Fountain has held two Chief Audit Executive positions for international companies. In 2011, as the Chief Audit Executive for an international construction/ engineering firm, she was involved in the active investigation of a joint venture fraud. The investigation included work with the FBI and ultimately led to indictment of the perpetrators and recovery of $13M. Ms. Fountain is currently engaged in her own training and consulting business and is a regular trainer for the AICPA. Ms. Fountain is the author of three separate technical books. “Raise the Red Flag – The Internal Auditors Guide to Fraud Evaluations” was published by the Institute of Internal Auditors Research Foundation. -“Leading The Internal Audit Function” and -“Ethics and The Internal Auditor Political Dilemma” were published by Taylor & Francis In addition Ms. Fountain was a contributing author to the certification program exam for the National Association of Accountants. She also has certificate programs on various on-line platforms. Ms. Fountain has performed as an adjunct instructor for the School of Business for Grantham University and developed the first internal audit curriculum for the School of Business at the University of Kansas. Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas. She has her CGMA, CRMA credentials and CPA certificate (non-active).