June 14, 2008

SAS 70 | Finding V-A-L-U-E in the Audit Process

Filed under: News, Services — Tags: , , — Charles Denyer @ 11:21 am

Believe it or not, all those hard earned corporate dollars that are being spent on SAS 70 Type I and Type II regulatory compliance audits “should” give organizations a tremendous amount of benefits and value. I stress “should” because if the audit is done correctly, the notable benefits will outweigh the time and costs that went into the audit for ensuring compliance and ultimately, a “clean” audit report.

To be fair, many service organizations undergoing a SAS 70 Type I or Type II audit have been vocal in their criticism of SAS 70, with a fair amount being pointed to the lack of structure within the audit along with soaring costs.

My advice: buyer beware-choose a firm with reputable name, a fair, equitable fee. But also, a firm that provides value to the audit. Value in spending thousands of dollars on a compliance audit? Absolutely. Where and How? Well, let’s talk about the where and how:

  • Proof to your customers (i.e., user organizations) that your internal control framework is sound, working as designed, and you are conducting business activities/transactions/processes in a safe, secure, and reliable environment. Now more than ever, user organizations are asking the tough questions and demanding answers from their outsourcing providers-YOU.
  • Strengthen your Own Internal Control Environment-After all, the audit is about your organization and what testing was conducted for ensuring that YOUR control structure is adequate and working as designed. Many times, however, deficiencies are uncovered in a service organization’s internal control framework. Don’t despair, as these should be looked upon in a positive light. How so? Hey, nobody’s perfect, and you should not expect to receive a perfect audit with no exceptions. If you did, what is the value and purpose of the audit after all? Take the recommendations given to you by your auditors to heart and correct the problems for subsequent audit periods. Your control environment will be stronger, you have learned valuable lessons and your auditors are helping you identify deficiencies with which you may have not known about. Its a win-win anyway you look at it.
  • Marketing Efforts-Want to get more business today? A SAS 70 Type II audit might just be your calling. Most organizations I talk to today talk of receiving RFP’s that almost always state that Type II compliance is mandatory for bidding, or if the contract is won, the company has to obtain SAS 70 Type II compliance, and immediately. If the audit can help steer customers your way, then you’ve found even more value in it.

As for SAS 70 sample reports, you can view them by visiting the SAS 70 download available option at the SAS 70 Resource Guide. This should give readers an excellent understanding of what the final audit report will look like.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment



Blog Navigation

Subscribe

Fill out the form below to become a subscriber to the SAS 70 Resource Guide Newsletter. Your information will never be shared with any third-party vendor or company.

For the latest information about SAS 70, subscribe to the SAS 70 Resource Guide News Feed by following the links below.

RSS | atom

about feeds

SAS 70 Google News Alert Widget provided by Grazr