SAS 70 Compliance Resource Guide
Understanding Internal Controls
The SAS 70 Web site is a resource Web portal developed in response to the growing demands for SAS 70 compliance, which includes SAS 70 Type I and SAS 70 Type II audits required by service organizations under today’s ever-expanding regulatory compliance umbrella. Additionally, in-depth information can be found on our site in regards to the history and overview of the auditing standard, SAS 70 pricing, along with many other important facts. Recent federal legislation, such as Sarbanes-Oxley (SOX), HIPAA, GLBA, coupled with growing state privacy laws and rulings are requiring companies to provide evidence of a strong, sound system of internal controls.
The regulatory landscape has changed for service organizations as external pressure from clients and auditors are now requiring SAS 70 compliance on an annual basis. Gaining a comprehensive understanding of SAS 70 will help organizations plan and execute the audit in a cost-effective, efficient manner.
- SAS 70 (the Statement on Auditing Standards No. 70)
- is part of the AU Section 324 Codification of Auditing Standards which is used to report on controls placed in operation and the testing of the operating effectiveness of those controls. In simpler terms, it's a widely used compliance audit for assessing the internal control framework on service organizations that provide critical outsourcing activities for other entities. The current SAS 70 auditing standard is a culmination of various other amended auditing standards that are contained within AU Section 324. [ full definition ]
Industry Trends for SAS 70 Compliance
Will the demand for SAS 70 compliance continue to increase?
Yes, and service organizations need to be prepared to adequately address issues such as SAS 70 pricing, developing a roadmap for compliance, and knowing what's in a report. Based on current regulatory compliance demands, this once-obscure, little-known auditing standard is here to stay.