Frequently Asked Questions:
Regulatory Compliance in Healthcare and Financial Services
Since the scope of SAS 70 audits has grown tremendously within the last few years, service organizations within almost every conceivable industry can be viewed as potential candidates for this type of audit. Third-party outsourcing vendors providing services to the healthcare and financial services industries, to name a few, are falling under the SAS 70 mantra, due in large part to the relationship between SAS 70 and two laws: the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA).
While many traditional service organizations, such as payroll companies and third-party administrators (TPA), are being mandated for SAS 70 compliance, an emerging class of outsourced vendors is currently surfacing. Service organizations providing managed I.T. services, web-hosting, data processing, electronic records management, and a host of other electronic transaction activities are quickly facing the reality of adhering to SAS 70 compliance. What’s interesting to note is that Statement on Auditing Standards No. 70 (SAS 70) has kept pace with these changes, as witnessed by the amendments to the auditing standard to include The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit, known as SAS 94.
Because the time and costs for achieving SAS 70 compliance can be substantial, service organizations should learn important facts on SAS 70 pricing, while gaining an understanding of the history and overview of Statement on Auditing Standards No. 70 (SAS 70).
Additionally, service organizations can download a sample SAS 70 report, which highlights and details essential subject matter that should be included in every SAS 70 Service Auditor’s Report.
By embracing the audit and not looking at it solely as a must-do compliance cost, service organizations can achieve expected SAS 70 benefits, the most important being the review of their internal control framework by an independent Certified Public Accounting (CPA) firm.
