June 26, 2008

SAS 70 | Understanding Pricing & Audit Scope

Filed under: News, Services — Tags: , , , , — Charles Denyer @ 10:13 am

Do you need to be SAS 70 Type I or Type II compliant? If you are a service organization and you answered yes, then this helpful information on pricing and audit scope should prove invaluable for the audit process.

First and foremost, determine if you need a SAS 70 Type I or Type II audit. Most companies requesting this specialized audit from you will ultimately want you to be Type II compliant, but you might be able to “sneak” through a Type I for the first year. Talk to your clients, find out the regulatory requirements pushing them, and then agree on which SAS 70 audit has to be done.

Scope-This, to a large degree, drives pricing. Sure, all CPA firms have a number in mind that they are going to be using as a baseline, but what needs to be determined are the following factors, which you need to discuss with any CPA firm giving you a bid for the SAS 70 audit:

1. SAS 70 Pricing needs to include a discussion of what business processes or business platforms are going to be covered in the SAS 70 audit. For example, if you are a Third Party Administrator (TPA), will you be covering plan administration, billing & eligibility, plan setup, etc? Wait a minute, you might say, shouldn’t this be part of the general audit? Not necessarily, some firms will provide you a fee for a simple “general controls” SAS 70 audit, which basically looks at a core group of controls, regardless if you are a TPA or the Widget company. That’s why it’s important to agree on and understand what business processes will be covered in the SAS 70 audit, and what the fees are for them.

2. Physical Locations-Where are you located? How many locations? Do the auditors need to visit each physical location for testing?

Pricing-Try to obtain a “fixed fee”, that is, a fee that includes all travel, out of pocket and miscellaneous expenses for the audit. The reasons are simple, CPA firms that do not quote you a “fixed fee”, well, expect to pay 10 to 20 percent over their proposal to cover for all these out of pocket expenses. Auditors have to travel, book flights, rent cars, stay in hotels-get my point?

If you want to learn more about Type I and Type II audits, available are SAS 70 sample reports from the SAS 70 Resource guide.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment



Blog Navigation

Subscribe

Fill out the form below to become a subscriber to the SAS 70 Resource Guide Newsletter. Your information will never be shared with any third-party vendor or company.

For the latest information about SAS 70, subscribe to the SAS 70 Resource Guide News Feed by following the links below.

RSS | atom

about feeds

SAS 70 Google News Alert Widget provided by Grazr