A SAS 70 Overview Presentation

A SAS 70 overview presentation is provided on statement on Auditing Standards Number 70, commonly known as SAS 70, which is an auditing statement put forth by the Auditing Standards Board as designated by the American Institute of Certified Public Accountants (AICPA). Over the years, more than 110 "SAS" have been issued, ranging on a number of critical subjects for auditing matters

Audit Timeline for SAS 70 Overview Presentation

Calls for a new auditing standard that would utilize and combine many of the existing auditing standards of internal control, while helping conform to changing industry and market demands resulted in the issuance of SAS 70 in April of 1992. Thus, the SAS 70 overview presentation seeks to inform readers that SAS 70 is not a stand alone auditing standard that came to light independently. Rather, it is an accumulation of core criteria from previous standards, coupled with criteria from subsequent auditing standards issued after SAS 70. Starting years ago with Statement on Auditing Procedures (SAP) and continuing forward with recent Auditing Standards, the below referenced the below referenced SAS 70 overview presentation material shows how other standards have contributed notably to the formation of Statement on Auditing Standards Number 70.

• Special-Purpose Reports on Internal Accounting Control at Service Organizations, known as SAS 44.
• Consideration of Internal Control in a Financial Statement Audit, known as SAS 55.
• Consideration of Internal Control in a Financial Statement Audit: An Amendment to SAS No. 55, known as SAS 78.
• Service Organizations and Reporting on Consistency, known as SAS 88.
• The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit, known as SAS 94.

The Early Days of the Auditing Standard

Years ago, in the early and mid 1990s, SAS 70 audits were used, and still are, for very traditional standards, such as evaluating a service organization’s services if they are part of the user organization’s information system. For example, if the ABC company used the XYZ company, which is a service organization, to perform and conduct transactions and procedures that are considered significant to the ABC company’s "information system" or business environment, then the XYZ service organization would need to be SAS 70 compliant. It was, for the most part, a straightforward approach used by external auditors when evaluating a user organization’s "information system" that had been outsourced to a third-party vendor, known as a service organization.

For a more in-depth examination of the auditing standard, readers can download a sample SAS 70 audit report.