Linford & Company Methodology: Drafting the Audit Report Early
At L&C, we do two types of audits… SAS 70 audits and royalty licensing audits. Both of these are very different from the audits the clients of most accounting firms are accustomed to going through (such as financial statement audits). While the functional differences are obvious, one key difference that has a profound impact on the success and efficiency of the audit is widely...
Read MoreSSAE 16 Management’s Written Assertion
It was a few years ago while I was a senior manager at a big four firm that the CTO did not want to sign the letter of representations related to the SAS 70 audit. This was an executive at one of the world’s largest companies, and yes it was/is a public company. After reading the boiler plate letter from the AICPA, he went into a rant and said “[h]ow do I know the controls are working? I...
Read MoreIllustrative (eg, example) Control Objectives
Where can one find example control objectives for a SAS 70? One great place to find controls objectives or learn about the wording of control objectives is in Appendix E of the AICPA’s SAS 70 audit guide. In this appendix, you will find control objectives related to information systems (ie, IT general controls), securities custodian, portfolio accountant and some others. There is no...
Read MoreTypes of Controls
What are the different types of internal controls? There are basically four main types of internal controls that service organizations and their service auditors should be concerned with, which are namely: manual controls, IT dependent manual controls, application controls, and IT general controls. Of course there are innumerable variations on the specifics of controls, though these four control...
Read MoreRisks to the Service Organization
What Risks Should be Covered in a SAS 70 Audit? A SAS 70 audit should address “[a]ll of the major aspects of the processing that may be relevant to the user auditors in assessing the risks of material [financial statement] misstatement” (AICPA, 2009 SAS 70 Audit Guide 4.13). This means addressing the risks associated with processing. For example, a service organization may print...
Read MoreAudit Sampling for SAS 70 Audit Examinations
“Audit sampling is the application of an audit procedure to less than 100 percent of the items …for the purpose of evaluating some characteristic…” (AICPA, Audit Sampling Guide 2.19). Audit sampling is used in the context of a SAS 70 audit as a basis to form a conclusion on the operating effectiveness of controls for a Type II report. A walkthrough is generally considered...
Read MoreAbout Linford & Company
We are specialists in the performance of SAS 70 and royalty audits across technical disciplines. We issue SAS 70 reports for a wide variety of service organizations that go to many of the largest user organizations in the world. We also perform royalty audits on some of the largest consumer brands in the world.
 |
Follow us on our blog where we provide information about our firm, insight on SAS 70 and SSAE 16 guidance. |