LOS ANGELES – Dec. 14, 2011 – BlackLine Systems has become the first provider of account reconciliation and financial close software to complete the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) report – an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) which sets guidelines for auditors to use in order to objectively assess the internal controls of service organizations. SSAE 16 effectively replaces the prior Statement on Auditing Standards No. 70 (SAS 70) as the authoritative guidance on service organizations. (BlackLine completed its original SAS 70 report in 2009.)
While undergoing the SSAE 16 audit, BlackLine also successfully completed an International Standard on Assurance Engagements No. 3402 (ISAE 3402) evaluation, showing that the company has the proper controls and processes in place to meet the stringent international audit and accounting reporting standards for service organizations, as set forth by the International Auditing and Assurance Standards Board (IAASB).
SSAE 16 was drafted with the intention of updating the U.S. service organization reporting standard so that it mirrors and complies with the new international standard.
A key determination for completing an SSAE 16 and/or ISAE 3402 examination is that an independent service auditor successfully examined the system under audit for processing user entities transactions during the period of audit, as well as the suitability of the design and operating effectiveness of controls based on the defined control objectives. BlackLine’s successful audits, performed by Moss Adams LLP, recognize the company’s adherence to the requirements and processes it has set in place surrounding its flagship financial close Software-as-a-Service (SaaS) suite.
In the case of BlackLine, all systems and data are housed with global Internet hosting leader Rackspace. Both the BlackLine application and Rackspace data center have gone through successful SSAE 16/ISAE 3402 audits, giving clients even greater peace of mind that their data is safe and secure. Furthermore, the scope of the BlackLine audit includes control objectives involving organization and administration, physical and environmental controls, logical security, system development, client implementation, data integration, and system availability and disaster recovery.
“Adherence to guidelines set forth by worldwide regulatory organizations such as the AICPA and IAASB is becoming increasingly important as more companies move to SaaS where sensitive corporate data is hosted by third parties,” said Chris Kradjan, a partner with Moss Adams. “Using a service provider like BlackLine, along with a hosting provider such as Rackspace, which have each successfully completed SSAE 16/ISAE 3402 evaluations is an important consideration, especially for large public and global companies that have confidential financial information hosted offsite and have to comply with Sarbanes-Oxley or other international reporting regulations.”
BlackLine Takes SSAE 16/ISAE 3402 a Step Further with Type II Reports Under its BeltBoth the BlackLine and Rackspace SSAE 16 and ISAE 3402 evaluations include completion of Service Auditor Type II reports. A Type II report not only includes the service organization’s description of controls (also required in Type I), but also includes detailed testing of the service organization’s controls over a minimum six-month period.
“Having a third party, such as Moss Adams, come in and conduct these important audits confirming the effectiveness of our security policies and controls reinforces that BlackLine is offering clients an enterprise-class SaaS application,” Mario Spanicciati, executive vice president of operations, BlackLine, said. “By working with Rackspace to deliver the highest level of SaaS services such as hot disaster recovery, high availability, strict security controls and testing, BlackLine is able to provide a reliable, secure, high performance application to our growing global client base.”