Chesapeake’s Adoption Predates Standards’ Effective Dates; Inclusion of Third-Party Data Centers in Evaluations Offers Unprecedented Statement on Control Activities
Chesapeake System Solutions, Inc.® offering the world’s foremost enterprises all-in-one financial and treasury management solutions that incorporate integrated financial governance, risk management and compliance features, announced today that an independent audit agency has issued unqualified reports certifying its control objectives and control activities formulated in response to both the Statement on Standards for Attestation Engagements (SSAE) No. 16 (Reporting on Controls at a Service Organization) and the International Standards for Assurance Engagements (ISAE) No. 3402 (Assurance Reports on Controls at a Service Organization). Separate reports, each covering the period of Jan. 1–Sept. 30, 2011, demonstrate that Chesapeake possessed control objectives and control activities that met the SSAE 16 and ISAE 3402 standards even before their effective date of June 15, 2011.
Anticipating new industry standards and complying with their most rigorous provisions have made Chesapeake System Solutions the industry leader within the account reconciliation and financial close software space. Four years ago, Chesapeake first received an unqualified report under the predecessor standard for services organizations known as Statement on Auditing Standards (SAS) No. 70. Chesapeake underwent the more comprehensive SAS 70 Type II audit wherein an independent third party verified that Chesapeake’s policies and procedures were designed correctly and operating effectively. For the SSAE 16 audit, Chesapeake once again underwent the more stringent evaluation known as Service Organization Control (SOC) 1, Type II.
Beyond certification timing, Chesapeake differentiated its commitment to SSAE 16/ISAE 3402 in a unique way. In what Chesapeake believes to be an industry first, Chesapeake, in collaboration with its third-party data hosting facility, developed joint policies and procedures and control activities. Thus, auditors reviewing Chesapeake’s activities also reviewed specific practices at its data center, allowing for one comprehensive audit finding relative to SSAE 16 and ISAE 3402. This approach contrasts with other service organizations that rely on their host facilities to undergo independent evaluations employing different standards.
Dave Tanner, Senior Vice President, Chesapeake System Solutions, said, “Anyone looking at our audit reports can immediately see that both the data center and Chesapeake, the service organization supporting those applications, work as a single entity to provide the most effective controls possible. This approach communicates to our customers a level of commitment unmatched throughout the industry.”
Chesapeake’s evaluation of control objectives and activities relative to ISAE 3402 recognize the firm’s growing roster of customers with a global presence. Currently, Chesapeake clients span five continents and 45 countries. Tanner added, “We understand that our clients with a global presence may adhere to standards beyond those in the United States and may desire assurance that Chesapeake complies with these worldwide standards. Undergoing this separate evaluation and obtaining an unqualified report offers that assurance.”
Tanner concluded, “Chesapeake views the SSAE 16 and ISAE 3402 reports as more than just vehicles for demonstrating to customers that our company, as a service organization, adheres to a high level of security. We view the audit findings as a critical internal report card, helping us elevate processes, services and staff adherence to even greater heights. We actively solicit and embrace the input derived, because it gives us a more complete picture of how to make excellent processes even stronger.”