Attestation Engagements That Address Specified Compliance Control Objectives and Related Controls at Entities That Provide Services to Investment Companies, Investment Advisers, or Other Service Providers
Space considerations prevent publishing here the appendix to SOP 07-2. Since the appendices often are important to understanding SOPs, readers are advised to obtain complete copies. To obtain a copy of SOP 07-2 (product no. 014946), visit www.cpa2biz.com/store or contact the AICPA at 888-777-7077.
This Statement of Position (SOP) is an interpretive publication and represents the recommendations of the Chief Compliance Officers Task Force of the AICPA Auditing Standards Board (ASB) regarding the application of Statements on Standards for Attestation Engagements (SSAE) primarily to examination engagements in which a practitioner reports on the suitability of the design and operating effectiveness of a service provider's controls in achieving specified compliance control objectives. Examples of the service providers addressed by this SOP are investment advisers, custodians, transfer agents, administrators, and principal underwriters that provide services to investment companies (including business development companies), investment advisers, or other service providers (user organizations). A practitioner's report on the suitability of the design and operating effectiveness of a service providers controls in achieving specified compliance control objectives is used primarily by user organizations because aspects of a user organization's compliance or internal control over compliance with laws, regulations, and rules may be affected by or include controls at service providers. The ASB has found the recommendations in this SOP to be consistent with existing standards covered by Rule 202, Compliance With Standards, of the AICPA Code of Professional Conduct (AICPA, Professional Standards, vol. 2, ET sec. 202.01).
Interpretive publications are not as authoritative as pronouncements of the ASB; however, if a practitioner does not apply the attestation guidance included in this SOP, the practitioner should be prepared to explain how he or she complied with the provisions of SSAE addressed by this SOP
TABLE OF CONTENTS Introduction and Background/1-5 Objective of the Examination Engagement/6-7 Subject Matter of the Examination Engagement/8 Management's Responsibilities/9 Criteria/10 Reference to Laws, Regulations, and Rules/11 Practitioner's Responsibilities/12-13 Matters Addressed by the Compliance Control Objectives/14-18 Evaluating Deficiencies in Controls/19-20 User Organizations Affected by a Service Provider's Noncompliance With Federal Securities Laws or Elements Thereof/21-22 Management Assertion/23-24 Management Representational/25-27 Reporting/28-33 Agreed-Upon Procedures/34-36 Effective Date/37 Appendix A: Appendix A-1--Illustrative Practitioner's Examination Report on a Service Providers Assertion Regarding Specified Compliance Control Objectives and Related Controls Appendix A-2--Illustrative Practitioner's Examination Report on a Service Provider's Assertion Regarding Specified Compliance Control Objectives and Related Controls When the Service Provider Uses a Subservice Provider and the Subservice Provider's Control Objectives and Related Controls are Excluded From the Description and the Scope of the Practitioner's Engagement Appendix A-3--Illustrative Management Assertion Regarding a Service Providers Specified Compliance Control Objectives and Related Controls Appendix A-4--Illustrative Service Provider's Description of Specified Compliance Control Objectives and Related Controls Appendix B--Illustrative Practitioner's Examination Report Containing a Qualified Opinion on the Suitability of the Design and Operating Effectiveness of a Service Providers Controls in Achieving Specified Compliance Control Objectives Appendix C--Additional Illustrative Compliance Control Objectives Appendix D--Matters Identified in Securities and Exchange Commission Release Nos. …