May 10, 2009

SAS 70 Audit and Compliance Tips | Obtain an Example Type II Audit Report

Filed under: Uncategorized — Tags: , , , , , , , — Charles Denyer @ 5:19 pm

SAS 70 Audit and Compliance is a growing trend in today’s business arena. Many companies that fall under the auspice of a “service organization” are being required to be SAS 70 Type I and/or Type II compliant. Now is a good time to understand the “who, what, where, and why” of  SAS 70 compliance and how it affects your organization in your overall SAS 70 needs.

Understand that SAS 70 is actually an auditing standard put forth in 1992 by the American Institute of Certified Public Accountants, simply known as the AICPA. The SAS 70 auditing standard has garnered much attention since the passing of the Sarbanes Oxly (SOX) Act of 2002.  Here are some questions to keep in mind if your organization has to be SAS 70 compliant:

1. What is the scope of the audit? Is it a general controls audit or are their provisions/mandates/requirements to include specific business processes in the audit.

2. Where will the fieldwork take place and how many other locations fall under the scope of the audit?

3. How are the control objectives for the audit going to be developed? Do we have the expertise or can the external CPA firm assist in this area?

4. If a Type II SAS 70 is being performed, what is the “test period”?

To learn more about SAS 70 audits and to receive a sample SAS 70 Type II audit report in pdf format, visit the official SAS 70 Resource Guide.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment



Blog Navigation

Subscribe

Fill out the form below to become a subscriber to the SAS 70 Resource Guide Newsletter. Your information will never be shared with any third-party vendor or company.

For the latest information about SAS 70, subscribe to the SAS 70 Resource Guide News Feed by following the links below.

RSS | atom

about feeds

SAS 70 Google News Alert Widget provided by Grazr