SysTrust is the accounting profession's answer to concerns relating to system reliability. Although well known as a professional service offered exclusively by accounting firms, AICPA members in industry can benefit also. The reason is that SysTrust is based on the Trust Services Principles and Criteria, which constitute professional guidance as well as serving as best practices for system reliability.
Using these Principles and Criteria either separately or in combination, CPAs can offer a range of advisory and assurance services to help either clients or employers address the following customer needs:
· Security: Is the system secure? The CPA determines whether the system is protected against unauthorized access (both physical and logical).
· Availability: Is the system available as agreed upon? The CPA determines whether the system is available for operation and use as committed or agreed.
· Processing Integrity: Are transactions processed appropriately? The CPA determines whether processing is complete, accurate, timely and authorized.
· Confidentiality: Is customers' confidential information appropriately handled? The CPA determines whether business information designated as confidential is protected as committed or agreed.
Using these Principles and best practices as a guide, AICPA members can:
· Evaluate a company against well-developed criteria and best practices. Any deficiencies can be diagnosed at an early stage.
· Use the Principles and Criteria to "build in" appropriate controls from the start.
· Provide assurance. Public practitioners can offer independent verification, which the company can use to assure customers. This third-party attestation engagement would specifically result in a SysTrust report. AICPA members in industry can provide internal assurance to management and even the Board of Directors that the system meets high standards.
In a SysTrust engagement, the CPA evaluates a system against the most appropriate Principles and Criteria and determines whether controls over the system exist. Recent advances in information technology have made greater computing power available to many enterprises at lower costs. It has now become the rule, not the exception, for business information to be processed electronically.
Organizations need, and expect, on-line access to reliable systems. This has taken on increasing importance in our interconnected global economy where electronic commerce and the disclosure of corporate information become even more critical to the operation of the company. Intense marketplace pressures have made it necessary for enterprises to find ways to enhance their systems to gain competitive advantages.
Given its significance, corporate management and their boards of directors, among others, are concerned about whether the systems they rely on are reliable. SysTrust is designed to provide the assurance that both corporate governance and trading partners need about the controls over the systems of the Company.
The CPA performs tests to determine whether system controls were operating effectively during a specified period. If such controls were operating effectively, an unqualified attestation report is issued. The SysTrust report addresses whether management has maintained effective controls over its system. In addition to the attestation report, a SysTrust engagement will include a description of the system examined and in many cases management's assertion about the effectiveness of its controls over the system that enable it to meet the Trust Services criteria. A SysTrust examination level engagement is performed under Statement on Standards for Attestation Engagements (SSAE) No. 10, Attestation Standards, AT sec. 101 "Attest Engagements".
Why Should I Get Involved With SysTrust?
Recent advances in information technology have made greater computing power available to many enterprises at lower costs. It has now become the rule, not the exception, for business information to be processed electronically. Organizations need, and expect, on-line access to reliable systems. This has taken on increasing importance in our interconnected global economy where electronic commerce and the disclosure of corporate information continue their upward trend. Intense marketplace pressures have made it necessary for enterprises to find ways to enhance their systems to gain competitive advantages. Given its significance, corporate management and their boards of directors, among others, are concerned about whether the systems they rely on provide timely and reliable information. Outside parties that rely on an entity's system can be harmed by an unreliable system.
Examples of the consequences of an unreliable system are:
· System failures and crashes that deny internal and external users access to essential services.
· Unauthorized access to a system that increases its vulnerability to viruses, hackers, and a loss of data confidentiality.
· System changes that may result in unintended negative side effects, such as the loss of access to system services, loss of data confidentiality, or the loss of data integrity.
· Media coverage of high profile system failures that undermine customer and investor confidence, sometimes leading to substantial losses in market value and/or market share.
So, it is clear that those who rely on an entity's systems will demand system reliability. A CPA's involvement in SysTrust services can provide the assurance entities are seeking.
And who else but CPAs are as well positioned to offer this service? CPAs already have credibility regarding systems that deal with financial reporting. In addition, CPAs can leverage their existing strength when providing SysTrust services. Examples of such advantages include:
· Access to client personnel and the relationship that already exists with the client
· The CPA's reputation for independence, integrity, objectivity and discretion
· The CPA's familiarity with controls integrated in financial reporting systems
· The comprehensive ethics and professional standards that CPAs must adhere to when providing services.
Therefore, SysTrust is a logical extension of services the CPA already provides. And, as the practice of auditing evolves to address increasingly sophisticated systems, this new service will fall more and more within the mainstream of a CPA's skills.