August 23, 2009

SAS 70 Type II Audits | Finding VALUE in the Audit Process

Filed under: News — Tags: , , , , , , , , , , , , — Charles Denyer @ 12:29 pm

SAS 70 Type II audits are being performed on a wide variety of industries in today’s business arena, and as such, many organizations are scrambling to meet the time and expense commitments for these highly specialized audits. Not only can they be considered an expensive financial proposition, SAS 70 audits require significant internal resources for assisting the external CPA firm in conducting the actual audit.

So, where’s the good news, you might ask? Audits take time and they can be expensive, no question about it. However, the audit process itself can be extremely beneficial and productive, giving you valuable insight into your organization.

Consider this: a well-scoped SAS 70 audit covers a number of essential areas and divisions within your organization, such as the following:

· Executive Management

· Human Resources

· Change Management

· Logical Security

· Network Security

· Physical Security

· Environmental Security

· Computer Operations

· Business Continuity and Disaster Recovery Planning

· Various Business Process controls

Thus, the value of the audit comes not from being compliant at the end of the process, but from the recommendations and subsequent activities that your organization has implemented to strengthen its underlying control environment.

Please keep in mind that auditors commonly give recommendations, such as a list of remediation activities to be undertaken after a SAS 70 Readiness Assessment has been performed along with “Management Comments” after the audit. These “pre-audit” remediation activities and “post audit” comments help ensure the service organization is adequately addressing all significant issues in a timely and proactive manner. Many of these issues tend to focus on areas such as the development of policies and procedures or the formalization of many areas within your daily operational environment, just to name a few.

In short, the value proposition from a SAS 70 Type II audit can be quite large indeed, so long as your organization truly embraces the audit for its true merit and worth.

To learn more about SAS 70 Audits, visit the official SAS 70 Resource Guide.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment



Blog Navigation

Subscribe

Fill out the form below to become a subscriber to the SAS 70 Resource Guide Newsletter. Your information will never be shared with any third-party vendor or company.

For the latest information about SAS 70, subscribe to the SAS 70 Resource Guide News Feed by following the links below.

RSS | atom

about feeds

SAS 70 Google News Alert Widget provided by Grazr