Rising Medical Solutions, an Early Adopter of SAS 70's Replacement Standard

Service Organizations Must Make the Switch in Auditing Standards

Sep 23, 2011, 14:01 ET from Rising Medical Solutions Inc.

CHICAGO, Sept. 23, 2011 /PRNewswire/ -- A recently enacted standard has replaced the Statement on Auditing Standards No. 70 (SAS 70).  This superseding standard, the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), became effective on June 15, 2011 and pushes service organizations to enforce a stronger set of controls and more stringent reporting requirements.

(Logo: http://photos.prnewswire.com/prnh/20080206/AQW030LOGO-b)

Rising Medical Solutions has taken the first major step toward being SSAE 16 compliant, with the issuance of a Service Organization Control Report (SOC 1) on Rising's Provider Payments System.  The report was issued by Blackman Kallick, an independent accounting and auditing firm. Rising, like many companies providing services that impact clients' finances, such as payroll processing, accounting, or benefits administration, seeks conformity with this new standard as affirmation of its accounting, technology and security practices. Certain financial services organizations subject to the Frank-Dodd Act are required to issue a SOC 1 report.

"While Rising is not subject to the requirement of SSAE-16, we feel that our systems must provide an environment that safeguards our clients' data and assets," says Thomas Galvan, Rising's Chief Financial Officer. "Becoming SSAE 16 compliant is a step to provide us validation from an independent third-party that our controls are adequate."

The primary changes between these two auditing principles include:

  • Audit vs. Attest: SSAE 16, unlike SAS 70, is an "attest" standard, falling under the attestation framework, and not the "auditing" framework. SSAE 16 addresses management's focus on understanding business and IT processes, evaluating the completeness of a risk assessment, identifying key controls and whether those controls are in place.
  • Description of a "System" vs. Description of "Controls": SSAE 16 requires a description of the "system", while SAS 70 only called for a description of "controls". SSAE 16's "system" description is seen as a more expansive, detailed requirement.
  • Written Assertion by Management: SSAE 16 requires a written "assertion" by management, something that was never required for the SAS 70 auditing standard. The service organization provides a written assertion to the auditor ensuring a number of control essentials.  The control environment also requires a company to have ongoing monitoring activities or separate evaluations in place to support management's assertion.

Ultimately, the switch from SAS 70 to SSAE 16 allows companies, like Rising, to better meet objectives for financial reporting reliability and operational effectiveness and efficiency. Rising expects its environment to be fully reviewed and tested by year's end.

About Rising Medical Solutions Inc.

Rising Medical Solutions is a national medical-financial solutions firm that provides medical bill review, hospital bill review  and medical cost containment services to the workers' compensation, auto, liability, and group health markets. Inc. magazine and the Private Company Index (PCI) rank the Chicago-based company as one of the fastest growing private enterprises in America.

Media Contact
Leslie Yeransian - 617.733.1225 / leslie.yeransian@risingms.com

Available Topic Expert(s): For information on the listed expert(s), click appropriate link.
https://profnet.prnewswire.com/Subscriber/ExpertProfile.aspx?ei=73105
Jason Beans

SOURCE Rising Medical Solutions Inc.



RELATED LINKS

http://www.risingms.com