SAS 70 Type II Audit Reports | How to Plan & Prepare for a SAS 70

SAS 70 audit reports are being required by so many service organizations these days, that it’s imperative you have a keen understanding of what a SAS 70 is and also how to effectively plan for a SAS 70 audit.  First and foremost, spend some time at the official SAS 70 Resource Guide and learn about SAS 70 audits. There you will  find an abundance of information on SAS 70 Type I and Type II audits, along with pricing considerations, audit scope, and even a roadmap for SAS 70 compliance, which is what we’ll talk about today.

The following are the steps that should be undertaken for effectively preparing and planning for a SAS 70 audit.

1. Find the RIGHT firm-Sounds easy, but make sure you find a firm that gives you a fixed fee, has adequate experience in your industry and has some level of recognition on a regional, possibly national scale.

2. Identify the SCOPE of the audit-Make sure you and the CPA firm clearly understand the scope of the audit, such as what will be included in testing, what physical locations will be tested, how long will the test period be for the SAS 70 Type II audit. Don’t get scope creep; identify these issues at the front.

3. Do conduct a SAS 70 READINESS ASSESSMENT-That’s right, you need to crawl before you walk, so jumping into a SAS 70 Type II audit without doing a readiness assessment is not advised. Many firms will provide you with a readiness assessment; thus charging you a small fee, some, such as our firm, will provide you free of charge , SAS 70 readiness assessment templates. A readiness assessment is an excellent way to identify gaps and deficiencies within your control environment. Take a little time at the front end in doing a readiness assessment will prove highly worthwhile.

4. Agree on deliverables and milestones-Make sure that you and the CPA firm conducting the SAS 70 audit agree on various phases an stages of the audit, such as completion of fieldwork, delivery of reports, etc.