News / Updates / Blog

NatPay Successfully Completes SSAE 16 Type 2 Audit Examination

National Payment Corporation (NatPay), an application service provider specializing in online document management systems and ACH solutions, is pleased to announce that they have recently completed a SSAE 16 Type 2 service audit examination, formerly known as a SAS 70 II audit, of their services. The audit was performed by a nationally-recognized, independent auditing firm, and was completed in January 2013. Included in the scope of the audit were NatPay’s data input and validation controls. The general controls that support these activities were also examined.

SSAE 16 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements No. 16, titled Reports on the Controls at a Service Organizations. SSAE 16 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report.

In order to complete the audit, NatPay management developed control objectives for the significant areas of internal control that support NatPay’s services. The control objectives in the 2012 report addressed each of the following areas:

  • Control Environment
  • Physical Security
  • Environmental Protection
  • Computer Operations
  • Information Security
  • Application Change Control
  • Data Communications
  • Data Input and Validation

NatPay’s service auditor performed extensive testing of the control activities that have been implemented by NatPay to help ensure that all control objectives are met. Following this rigorous examination, the auditing firm was able to issue an unqualified opinion regarding each of the areas described above.

“Our commitment to security is evident by our third examination. This is in addition to other independent audit examinations that NatPay has completed since its inception in 1991,” stated Steve Pereira, Vice President and General Manager. “Our goal is to provide our customers the best possible service with the upmost attention to security that they expect and deserve. Completing SSAE 16 examinations is our proof of statement to this dedication.”

The SSAE 16 Type 2 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by NatPay management.  The SSAE 16 Type 2 report addresses all five components of internal controls, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities.

Furthermore, NatPay’s management understands the ever-increasing importance of corporate governance, as well as the impact of the organization’s services on our clients’ system of internal controls. The successful completion of the 2012 SSAE 16 Type 2 examination is only part of NatPay’s continued commitment to maintaining a high level of internal control. NatPay has engaged its service auditor in a long-term contract whereby NatPay has and will undergo auditing on an annual basis.

About NatPay 
NatPay has been servicing clients since 1991 as an ACH solution and online document management provider. NatPay provides top-quality data consolidation services as a SaaS (Software as a Service) for online reporting and online data maintenance services to our clients with custom systems. NatPay specializes in meeting client-specific requirements in a highly-responsive manner. From our inception, NatPay has helped its clients with cost reductions from AP/AR to HR and e-statement delivery and management.