Skip to main content
Live Webcast Replay

Keys of SOC Reports - Following SSAE 18 Requirements

Total Credits: 2 including 2 Auditing- Technical

Average Rating:
Partner Produced |  Accounting and Auditing
Lynn Fountain, CGMA, CRMA, MBA
Course Levels:
2 Hours
Product Setting: Expires 30 day(s) after program date.



Today's businesses have seen a dramatic increase in the use of outsourced providers to assist with executing processes from payroll, accounts payable, information technology, benefit plan administration and many other core processes. These processes ultimately have an impact on an organization's internal control over financial reporting but also could impact compliance and operational issues

In 2011, the Statement on Standards for Attestation Engagements (SSAE) 16 replaced the former Statement on Auditing Standards (SAS) 70. In May 2017, a new standard, SSAE 18, superseded SSAE 16

The concepts covered in this course are referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should understand the various types of SOC reports, their intended use and their implication on a company's financial reporting process, regardless of your status as a publicly traded or privately held organization.  The process can be complicated to understand as a user organization. Currently, several types of SOC Reports exist including:

  • SOC 1 - Type 1

  • SOC 1 - Type 2

  • SOC 2 - Type 1

  • SOC 2 - Type 2

  • SOC 3

  • Cybersecurity SOC

This course speaks briefly to the transition from SAS 70 to SSAE 16 and now SSAE 18.  However, the focus is on the various Service Organization Control Reports, their purposes and uses

Basic Course Information

Learning Objectives
  • Explore the transition of the accounting standards from Statement on Auditing Standards (SAS) 70 to Statement on Standards for Attestation Engagements (SSAE) 16 and now SSAE 18
  • Recognize the various types of service and subservice organizations
  • Explore procedures to conduct a SOC (Service Organization Control) 1 engagement, develop proper control objectives and determine specific reporting methods
  • Explore procedures to conduct and report on a SOC 2 engagement
  • Recognize the requirements for SOC 3 reports
  • Explore the SOC cybersecurity requirements
  • Recognize the requirements to prepare for a SOC engagement
  • Recognize the requirements for user entities

Major Subjects
  • Move from SAS 70 and SSAE 16 to SSAE 18
  • Types of Service Organizations
  • SOC 1 Engagements
  • Control Objectives
  • Reporting
  • SOC 1 and SOC 2 Reporting
  • SOC 3 Reports
  • Preparing for SOC Engagement
  • SOC Comparisons

Course Materials


Lynn Fountain, CGMA, CRMA, MBA Related Seminars and Products

Lynn Fountain has over 37 years of experience spanning public accounting, corporate accounting and consulting. 22 years of her experience has been working in the areas of internal and external auditing. She is a subject matter expert in multiple fields including internal audit, ethics, fraud evaluations, Sarbanes-Oxley, enterprise risk management, governance, financial management and compliance. 

Ms. Fountain has held two Chief Audit Executive positions for international companies. In 2011, as the Chief Audit Executive for an international construction/ engineering firm, she was involved in the active investigation of a joint venture fraud.  The investigation included work with the FBI and ultimately led to indictment of the perpetrators and recovery of $13M.  Ms. Fountain is currently engaged in her own training and consulting business and is a regular trainer for the AICPA.

Ms. Fountain is the author of three separate technical books.  “Raise the Red Flag – The Internal Auditors Guide to Fraud Evaluations” was published by the Institute of Internal Auditors Research Foundation. “Leading The Internal Audit Function” and “Ethics and The Internal Auditor Political Dilemma” were published by Taylor & Francis In addition,

Ms. Fountain has performed as an adjunct instructor for the School of Business for Grantham University and developed the first internal audit curriculum for the School of Business at the University of Kansas.  Ms. Fountain obtained her BSBA from Pittsburg State University and her MBA from Washburn University in Kansas. She has her CGMA, CRMA credentials and CPA certificate (non-active).


Thu, Aug 22, 2024 - 02:00pm to 04:00pm EDT
Thu, Sep 26, 2024 - 11:00am to 01:00pm EDT
Tue, Oct 29, 2024 - 09:00am to 11:00am EDT
Fri, Nov 22, 2024 - 02:00pm to 04:00pm EST
Fri, Dec 13, 2024 - 11:00am to 01:00pm EST
Mon, Dec 30, 2024 - 09:00am to 11:00am EST
Fri, Jan 24, 2025 - 02:00pm to 04:00pm EST

Additional Info

Basic Course Information



Advanced Preparation


Designed For

CPAs, Corporate personnel working with SOC providers, consultants providing SOC reports

Original Recording Date


Course Developer


Date Added to Catalog


Yellow Book No

Additional Information

Complaint Resolution Policy

Please contact Anne Taylor for any complaints., (972-377-8199).

Official Registry Statement

Business Professionals' Network, Inc. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

Instructional Delivery Method

Group Internet Based

Course Registration Requirements

Online Registration

Refund/Cancellation Policy

Please contact the ACPEN help desk 1-877-602-9877 or if you wish to cancel your attendance for a previously purchased webcast and are requesting a refund or transfer.



Overall:      4.8

Total Reviews: 42


David R

"Excellent presentation."

Thomas V

"Thank you Lynn!"

Edward A

" "

Donovan M

"I received great info without any prior knowledge of the subject"

Daniel P - Coral Gables, Florida

"Great Class"