FAQs

  • What is SAS 70?
    Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It represents that a service organization has been through an in-depth audit of its control objectives and control activities, which often include controls over information technology and related processes.

  • Who can perform a SAS 70?
    A SAS 70 audit can only be performed by an independent Certified Public Accounting (CPA) firm. CPA firms that perform SAS 70 audits must adhere to specific professional standards established by the AICPA. They are required to follow specific guidance related to planning, execution, and supervision of the audit procedures and the reporting of the results of the audit.

  • Why would my organization need a SAS 70?
    Data is precious and service users often request proof that service providers have sufficient controls and safeguards in place where user data is transmitted, processed or stored. SAS 70 reports satisfy these requests and provide unbiased feedback for the service provider organization, which aids in meeting quality and process control initiatives. Additionally, the requirements of Section 404 of the Sarbanes-Oxley Act make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.

  • What is the difference between Type I and Type II?
    A Type I report represents a service organization’s description of controls at a specific point in time. A Type II report not only includes the service organization’s description of controls, but also includes detailed testing of the service organization’s controls over a minimum six-month period.

  • How quickly can a SAS 70 be completed?
    It depends on how well prepared the service organization (client) is. Generally speaking, however, a Type I audit can usually be completed quickly, giving the service organization a report it can provide within as little as a month. A Type II audit requires at least six months of auditable activity, plus additional time in the audit procedures to complete testing of those control activities.