Nationwide Title Clearing, Inc. (NTC), a research and document-processing service provider to the mortgage industry, successfully completed an SSAE 16 examination of its mortgage processing services for the period on July 1, 2014 through Dec. 31, 2014. The examination was conducted by an independent CPA firm, BrightLine CPAs and Associates, Inc. No exceptions were found.
“Our successful completion of a Type 2 SOC 1 review,” said William Borde, NTC’s VP of Risk Management, “shows current and future clients that NTC has undergone a rigorous examination by an independent third party to ensure that it continues to meet attestation standards set by the American Institute of Certified Public Accountants.”
The Statement on Standards for Attestation Engagements 16 (SSAE 16), also known as the Service Organization Controls Report 1 (SOC 1), formerly was known as the Statement on Auditing Standards # 70 (SAS 70). Through actions of the Auditing Standards Board of the American Institute of Certified Public Accountants, SSAE 16 superseded the SAS 70 audit standard in mid-2011. It is the adopted version of the International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization, for use in the United States.
To ensure that it remains in compliance with the standards promulgated by these governing bodies, NTC regularly engages auditors to conduct SSAE 16/SOC 1 examinations. The key operational components that were reviewed in the recent examination included NTC’s general management controls, risk management, information security and communications systems.
Per NTC’s standard practice, the company opted to have the auditors conduct a Type 2 SOC 1 examination. Unlike the less-rigorous Type 1 SOC 1 examination, which delivers an opinion and description of operations relevant to the service an organization provides as of a certain date, in the Type 2 SOC 1 examination the auditor tests internal controls and processes over a period of time – in this case, July 1, 2014 through Dec. 31, 2014 – to verify that the internal controls and processes actually are occurring as the service organization intends, and that the controls were in place during the audit period. Because the auditors provide an opinion about the actual operation of controls, third parties are considered more likely to accept a Type 2 SOC 1 report than a Type 1 SOC 1 report. No exceptions were found in the Type 2 SOC 1 examination of NTC.