Statement on Auditing Standard 70, SAS 70 for short, has been developed and maintained by the American Institute of Certified Public Accountants (AICPA).
SAS 70 is essentially the "Report on Processing of the Transactions by the Service Organizations". It sets standards for service auditors who audit and assess the internal controls of a service organization. When the audit is complete, the service auditor issues a report called the 'Service Auditor's Report'.
A service organization is an entity or business that provides outsourcing services. These services can, and mostly do, affect the customer's control environment. Examples of service organizations are data centers, clearing houses, insurance claims processors, and credit processing companies.
SAS 70 is a very thorough audit that is mainly used as authoritative guidance. It is a substantial and helpful audit in today's market because it gives clarity to the businesses that work with the service organization. It also shows prospective clients that the service organization has been thoroughly checked and deemed to have safeguards and satisfactory controls, whether it is hosting specific information or processing information such as data about the customers it deals with.
SAS 70 has become very popular since the Sarbox Act came into force. Sarbox (SOX), also known as the Sarbanes-Oxley Act, adds importance to the implementation of SAS 70, which is an essential resource for showing the effectiveness of the data security safeguards and internal controls in a service organization.
SAS 70 REPORTS
SAS 70 reports are of two types:
- TYPE I: This report includes the opinion given by the service auditor. Type I reports describe the degree to which the organization's representation of its services reflects the controls that have been placed in operation and designed to attain the objectives that have been set forth.
- TYPE II: These reports are like Type I reports, with one additional section. This section contains the service auditor's opinion on how effectively the controls operated over a defined review period (usually six months or longer).
It is important to note that there is a big difference between Type I and Type II. Type II reports are much more thorough, because the auditor gives an opinion on how effectively the controls operated over a defined review period, whereas Type I reports only describe the controls. Type II checks the effectiveness of the controls to confirm that they work correctly. Because this type of report requires a much more thorough audit, it is relatively more expensive.
ADVANTAGES OF USING SAS 70 REPORTS FROM THE PERSPECTIVE OF THE USER ORGANIZATION
SAS 70 reports are very advantageous to the user organization because they assess the controls and safeguards of the service organization. The reports the user organization receives contain the required details describing the specific controls of the service organization and, in Type II reports, whether those safeguards and controls are effective or not.
SAS 70 reports are a very important tool for the auditors of the user organization, who use them mainly for the planning of the user organization's financial statements. A SAS 70 report not only provides essential information, it can also offset costs for the user organization, which no longer has to carry out audits of the service organization on its own.
BOOKS ABOUT SAS 70
A well-known book on SAS 70 is the PRACTICAL GUIDE TO SAS 70 ENGAGEMENT. It covers the SAS 70 engagement from the service auditor's point of view and explains how the engagement is carried out. It is a how-to book with examples, sources of information, checklists and a project plan from beginning to end. It also explains how to expand and enhance a CPA practice by performing SAS engagements. For service organizations that need a SAS 70, it describes the information and processes the service auditor will request. For internal auditors preparing their organization for a SAS 70, it explains the processes involved and what the service auditor will request and why.