Frequently Asked Questions about SAS 70
Provided below are important facts, details and essential information for anyone seeking to learn more about Statement on Auditing Standards No. 70 (SAS 70). You can now gain a greater understanding of many key components regarding SAS 70 audits by browsing any number of helpful topics.
- Why are service organizations being asked to be compliant?
- What types of industries and service organizations are having to become compliant?
- What are the advantages of compliance?
- What criticisms are towards the SAS 70 auditing standard?
- What are the primary differences between a SAS 70 audit and the host of technology assessments conducted by I.T. consultants?
- Who can conduct a SAS 70 audit on a service organization?
- What are the differences between a SAS 70 Type I and Type II Audit?
- What should an organization expect to pay for SAS 70 Audits?
- What areas for a service organization undergo testing for a SAS 70 audit?
- What industry standards and frameworks are used for conducting a SAS 70 audit?
- After completion of the audit, what does a service organization receive in terms of deliverables from the CPA firm who conducted the audit?
- How long is a service auditor’s report valid for?
- Do service organizations need to be SAS 70 compliant every year?
- Who uses and reads a service auditor’s report and why?
- Do you have a sample SAS 70 download available?
Impact of Audits to the Economy
Interestingly, the last decade has seen somewhat of a shift in auditing. That's not to say there has been a decrease in this specialized service, quite to the contrary. The shift has occurred as financial statement auditing has begun to see somewhat of a flat line in growth, while highly specialized audits, such as Statement on Auditing Standards No. 70 (SAS 70) have been given the limelight. Regulatory legislation, such as the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act (GLBA), and numerous other federal and state laws have pushed audits, such as SAS 70, into the forefront.
[ More about impact of audits to the economy and SAS 70 ]Privacy Rule Within Gramm Leach
GLBA requires that a financial institutions privacy practices are clear, concise and detail specifically what information is collected, who it is shared with, and what safeguards are enacted for protecting "customers" and "consumers" information. GLBA allows for an "Opt Out Rights" provision, whereby customers and consumers can "opt out", ultimately not having their information given to and shared with external, third party entities.
[ More about Privacy Rule Within Gramm Leach and SAS 70 ]Subscribe
Fill out the form below to become a subscriber to the SAS 70 Resource Guide Newsletter. Your information will never be shared with any third-party vendor or company.
For the latest information about SAS 70, subscribe to the SAS 70 Resource Guide News Feed by following the links below.
