Avalara has successfully completed the SSAE 18 SOC 1 Type 2 audit of internal controls.
- SSAE 18 stands for Statement on Standards for Attestation Engagements, which is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) that provides internal control standards for reporting on controls at service organizations like Avalara.
- A SOC1 report (Service Organization Controls Report) is a report on Controls at a Service Organization, which are relevant to user entities’ internal control over financial reporting. The SOC1 report is what would have previously considered to be the standard SAS70. Type 2 reports require that management provide the following: a written statement of assertion along with developing a description of their "system". The description of the "system" can be looked upon as a more in-depth and comprehensive narrative than provided by the old SAS 70 description of "controls".
- ISAE 3402 is an extension and expansion of SAS 70 (the Statement on Auditing Standards No. 70), which defined the standards an auditor must employ in order to assess the contracted internal controls of a service organization.
- You can be assured that you are doing business with a company that is diligent and firmly committed to managing its internal controls and processes in a pro-active and responsible manner. Avalara has been independently audited, with an emphasis on standards of internal controls that affect the company's financial statements. Those controls were monitored over a specified period of time and were found to be suitably designed and effective in managing risk.
- Avalara is unable to provide SOC 1 reports for our partners or vendors due to Restricted Use limitations. SOC 1 reports can only be obtained directly from the company detialed within the report.
- Most areas of the company were covered by the SSAE audit including departments from Human Resources to Avalara Support to the Avalara data center all the way down to an audit of building security and disaster recovery and backup procedures.
- Contact your Account Manager to sign a non-disclosure agreement and request a copy of the full report.