SAS 70 Audits | A Helpful Guide for Organizations

SAS 70 Audits, be it a Type I or Type II audit, are being required now more than ever by companies who outsource a large number of critical activities to third party outsourcing organizations, commonly known as service organizations. As such, these outsourcing entities or service organizations, are having to undertake these rigorous audits for meeting the demands and expectations of their customers. So how can service organizations better prepare for a SAS 70 audit, ultimately creating an efficient and cost effective SAS 70 Type I or Type II audit process? The following helpful road map is what’s considered a best of breed approach for successfully completing a Type I or Type II audit. This road map should be shared with all parties involved with the SAS 70 audit process

• An initial discussion between the service auditor and service organization for the purposes of understanding the scope, timing and final deliverables of the audit.
• The Service organization successfully undertakes a service auditor SAS 70 Readiness assessment.
• The Service auditor reviews, analyzes, and make comments and recommendations regarding the information obtained during the SAS 70 Readiness assessment.
• An In-depth discussion ensues with service organization regarding the SAS 70 Readiness assessment.
• For a more complete listing, please view the step by step process for Type I and Type II SAS 70 audits.

Additionally, a sas 70 download available option on http://www.sas70.us.com allows for an electronic SAS 70 Type II Service Auditor’s Report to be obtained. This final report is a comprehensive example of a final Type II report.