State National Adopts Latest Standards to Protect Lenders

State National updates SAS 70 reports to the latest SSAE 16 SOC 1 auditing standards to safeguard credit unions and other lenders against risk.

State National Companies, the national leader in Collateral Protection Insurance (CPI) solutions, announced it will be adopting the latest auditing standard, SSAE 16 SOC 1, for the 12-month period ending October 31, 2011. The new standard, which replaces the well-known SAS 70 audit, is designed to further minimize lenders' risk associated with using contract services, such as those provided by State National.

"State National understands the need of lenders to manage risk related to the services any third-party vendor provides, which is why we have been conducting continuous testing to assure our clients that we maintain the highest processing standards," said Trace Ledbetter, Senior Vice President, State National.

"Because we are the only company in the nation that specializes in Collateral Protection Insurance, it is particularly important that we assure lenders of the highest level of risk management and control around our products and services," Ledbetter added. "That is why we are committed to adopting the new SSAE 16 SOC 1 service auditor standard with the release of our next report. Fortunately, because of our own extensive testing over time, adopting this new standard will be a seamless transition."

Whenever companies contract with another organization to perform services related to their business, they assume a level of risk for those services performed. To help mitigate these risks, most lenders have required service organizations to provide an independent report on the controls that are relevant to their internal controls over financial reporting.

The American Institute of Certified Public Accountants (AICPA) had primarily relied on Statement on Auditing Standards (SAS) No. 70 - Service Organizations for guidance on independent reporting on controls at service organizations. Over the past several years, State National provided its clients with a Type 2 SAS 70 audit report. Today, the AICPA has provided a new framework, the Statement on Standards for Attestation Engagements (SSAE) 16, to replace SAS 70.

Under the new framework, the AICPA established guidelines and reporting options that cover controls at a service organization that impact the integrity of information reported in user entity's financial statements. SSAE 16 SOC 1 reports are specific in covering the relevant areas of Internal Controls over Financial Reporting and require that management of the service organization make an assertion in the report regarding the fair presentation of the system description, design and operating effectiveness of their internal controls.

State National will continue to use Deloitte & Touche LLP as its service auditor. Deloitte & Touche LLP is a national CPA firm and has extensive experience with attestation reporting.

"State National remains committed to the highest standards of data protection," said Ledbetter. "Our SSAE audit will provide lenders continued assurance, based on our own internal audit and this independent review that we consistently maintain a secure and sound operation."