SAS 70 |
SAS 70 is an auditing standard developed by the American Institute of Certified Public Accountants. By representing that a service organization has been through an in-depth audit of their control activities, SAS 70 has long given the financial auditors of “user organizations”—those organizations that outsource processes to “service organizations”—a standard measure for understanding the controls at the service organization, including controls over information technology and related processes, that are relevant to the audit of the user organization. Understanding a company’s internal control when performing a financial statement audit is a requirement of SAS No. 55, Consideration of Internal Control in a Financial Statement Audit.
SAS 70 is the most widely employed approach to executing the oversight of third parties. In the past, it was a tool used almost exclusively by user-organization financial auditors (“user auditors”) to gain an understanding of the controls at service organizations. Section 404 of Sarbanes-Oxley has made SAS 70 a critical tool for user and service organizations alike to help form part of the evidence supporting the report on the effectiveness of internal control over financial reporting.
Our SAS 70 services can bring an organization value through improved third-party risk management and performance, and include:
- Determining the spectrum of required SAS 70 coverage required.
- Executing SAS 70 reports for outsourcers—dependent on company not being an attest client of the firm.
- Executing SAS 70 reports for service providers—dependent on company not being an attest client of the firm.
- Expanding the scope of SAS 70 reporting based on assessment of the spectrum required and value to be delivered.
The New Landscape - SAS 70 in the Sarbanes-Oxley Era
(1495.27 KB)
